Workplace Privacy, Data Management & Security Report : Privacy Lawyers & Attorneys : Jackson Lewis Law Firm : Data Security, HIPAA & Confidentiality Issues

 Does your HR staff know the limits on what they could tell prospective employers about former employees?

In this case, the US Equal Employment Opportunity Commission (EEOC) alleged that 7-Eleven of Hawaii failed to keep a former employee’s medical information confidential by disclosing the information to a prospective employer, in violation of the ADA, which caused the prospective employer to rescind a job offer. The EEOC filed suit in federal district court ( EEOC v 7-Eleven of Hawaii, Inc, DHaw, No CV 07-00478-SPK-BMK) and, after the District Court ruled in 7-Eleven’s favor, the EEOC appealed the decision in August 2008 to the US Court of Appeals for the Ninth Circuit.

However, on August 2, the EEOC announced a settlement under which 7-Eleven of Hawaii will:

1. pay $10,000,   
2. provide annual training to its human resources personnel and managers in equal employment opportunity, with an emphasis the ADA requirements concerning confidentiality, and
3. for a period of two years, 7-Eleven will also be required to report annually to the EEOC regarding the company’s policies and proposed training programs with respect to disability discrimination, medical disclosure, non-retaliation, and reasonable accommodation.

In comments about the case, EEOC representatives made clear that the ADA confidentiality requirements apply to applicants, current employees and former employees. Earlier in the year, we wrote about a recent EEOC senior staff attorney's informal letter concerning the duties of federal employees and contractors relating to medical confidentiality. It is unclear whether these actions by the EEOC suggests a greater emphasis on enforcement of medical records confidentiality under the ADA. Regardless, employers should be taking preventive steps to comply with these requirements. Some steps include:

• Creating a culture of confidentiality concerning medical records, whether those records are subject to ADA, HIPAA or some other law.
• Reminding employees that medical information is confidential and access is on a need-to-know basis.
• Reviewing and revising administrative, physical, and technical safeguards as necessary and appropriate to safeguard medical information, such as requiring employees to keep their desks clear of sensitive information and locking doors and file cabinets.

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Contributed by: Joseph J. Lynett

In a February 18, 2010, informal letter, an Equal Employment Opportunity Commission senior staff attorney responded to an inquiry concerning the duties of federal employees and contractors relating to medical confidentiality under the Rehabilitation Act. The letter discusses the role of medical records custodians (MRCs) - those individuals whose official duties require access to employee medical information. Because the same legal standards apply to private-sector employers under the Americans with Disabilities Act’s medical confidentiality rules, the principles discussed in this letter can be helpful for all employers, including federal contractors.

The letter explains that MRCs should work in an environment that does not allow for unauthorized co-workers to have access to employee medical information. It goes on to list certain steps federal agencies and covered contractors should take to safeguard the confidentiality of employee medical information:

1. Remind all employees that medical information is confidential and only MRCs are authorized to have access to such information on a need-to-know basis.
2. Issue a memorandum informing all employees that anyone who discusses another employee's medical information with unauthorized persons or reads medical documents not intended for him or her will be disciplined.
3. To ensure that other employees, including other MRCs, cannot overhear conversations about an employee's confidential medical information, consider providing an office with a door that an MRC can use when he or she needs to discuss an employee's medical condition or history by telephone or in person.
4. Install a fax machine that is shared only by other MRCs in the office, with the door kept locked except when in use by an MRC.
5. Remind MRCs to keep any employee medical information in a locked file cabinet in their cubicles or in a file cabinet in the shared office to which only other MRCs have access.
6. Periodically audit policies and procedures to ensure sufficient measures are in place to guarantee the confidentiality of employee medical information and protect against unauthorized disclosure.

While the EEOC Office of Legal Counsel’s letter is not an official opinion of the Commission, it provides insights into the EEOC’s view of potential safeguards to protect against unlawful disclosure of employee medical information under the ADA and Rehabilitation Act. Organizations with multiple departments reviewing employee medical information in connection with an injury or illness (such as departments for occupational health, risk management, HR and benefits) may have the greatest need to adopt recommended safeguards to protect employee medical information from unlawful disclosure.
 

• Email This
• Print
• Comments
• Trackbacks
• Share Link

Contributed by Kathryn J. Russo.

A recent case emphasizes that employers must ensure they do not make improper medical inquiries related to pre-employment drug test results at the pre-offer stage. John Harrison v. Benchmark Electronics, Inc., No. 08-16656, 2010 App. LEXIS 632 (11th Cir. Jan. 11, 2010). Some valuable lessons for employers are discussed below.

The Eleventh Circuit Court of Appeals permitted an applicant who was not hired after testing positive for drugs used to control his epilepsy to proceed with his lawsuit asserting claims under the Americans with Disabilities Act because there were factual issues whether the employer made an improper medical inquiry and denied employment on that basis.

• Email This
• Print
• Comments (1)
• Trackbacks
• Share Link