Workplace Privacy, Data Management & Security Report : Privacy Lawyers & Attorneys : Jackson Lewis Law Firm : Data Security, HIPAA & Confidentiality Issues

One of the more common issues faced by healthcare practices (and businesses generally) is how to respond to subpoenas or other requests for medical records of patients and employees. Those who receive these requests often feel compelled to respond in a timely fashion, particularly when it is an attorney subpoena or letter. Unfortunately, responses are made before fully considering critical legal and professional risks.

Consider the following examples:

• A New Jersey physician was forced to defend his access to family medical records without consent or authorization before the New Jersey Board of Medical Examiners resulting in defense costs and ultimately continuing education requirements for the physician;
• An Illinois hospital incurred significant legal fees to defend its disclosure of medical records in connection with the plaintiff’s divorce action.
• Ohio's Cleveland Clinic could not convince a federal district court to dismiss a patient's claim for invasion of privacy following the clinic’s disclosure of medical records to a grand jury in response to a subpoena. The court found the state's patient-physician privilege more protective than HIPAA. Turk v. Oiler, No. 09-CV-381 (N.D. Ohio Feb. 1, 2010).
• An Alabama patient's claim that his physician impermissibly disclosed his medical records to his employer survived a motion for summary judgment because the physician made the disclosure without having received a written request, as required under state law.
• In Wisconsin, a pharmacist was sued after disclosing an employee's prescription history to his employer. The pharmacist's ignorance of the states privacy laws and the employee's attorneys false pretenses to obtain the information were not a sufficient defense. The court found the release was knowing and willful and held the pharmacist must be familiar with the technical requirements for releasing patient data.
• A Court held another New Jersey doctor liable when he released a patient's records to opposing counsel pursuant to an improper subpoena, even though the subpoena's defects were of a technical nature. Again, the Court required the doctor to know the laws regarding patient privacy, specifically noting it was the doctor's burden to consult with legal counsel to ensure the release is proper. Crescenzo v. Crane, 350 N.J. Super. 531 (App. Div. 2002), cert. den. 174 N.J. 364 (2002).

Responding to these requests often is a delicate balance between avoiding being hauled into court for non-compliance with the subpoena/request and violating patient rights, such as by responding to a subpoena that may be improper or invalid, or otherwise failing to take into account applicable federal and state requirements before releasing the records.

Some of the most common issues which must be considered are:

1. What type of information is contained within the records requested?
2. What statutory, regulatory or common law protections apply to some or all of the information requested, such as the patient-physician privilege?
3. Is the authorization valid?
4. Whether responding to the subpoena is appropriate without patient authorization or providing the patient an opportunity to object to the disclosure?
5. Is a court order, including an order with specific findings, needed for some or all of the responsive information?
6. Is the requesting party authorized to be acting for the individual/patient/employee?
7. What safeguards should be taken to ensure the disclosure is made in a secure manner?
8. Must the business keep a record/account for the disclosure?

As more and more individuals, entities and attorneys seek medical information, including through discovery in litigation, these issues will only become more prevalent. Most healthcare practices look to HIPAA as the governing law that determines the proper use and disclosure of patient data, but state laws and professional obligations also must also be considered. Under HIPAA, a covered entity generally may not use or disclose an individual’s protected health information without a written authorization or providing the individual the opportunity to agree or object. There are, however, a number of thorny exceptions, such as for requests made in the course of judicial or administrative proceedings, or disclosures to law enforcement.

Nevertheless, HIPAA generally provides that these exceptions can be trumped by more stringent state laws that prohibit uses or disclosures of PHI without certain additional protections. In fact, courts routinely look to not only generally applicable state statutory requirements, but also protections under the "common law." This fact has been highlighted in decisions from courts throughout the country, as well as decisions by state boards of medical examiners, including those summarized above. In addition to fines and penalties which can be extensive, the cost of litigation to defend these suits can run into the tens of thousands of dollars, all for “simply” responding to what appears to be a lawfully issued subpoena or request.

Medical offices, clinics and practices, in particular, need to have a comprehensive, easy to understand plan that addresses what to do when staff receive requests for patient records. The plan should anticipate the kinds of requests that are likely to be received and the acceptable responses, including approved form documents to be used, as well as a means for documenting the request, verification steps taken and the response. Of course, the plan should alert the user to situations where additional guidance might be advisable to ensure the disclosure itself is proper, as well as the method of disclosure. 

• Email This
• Print
• Comments
• Trackbacks

As we continue to examine the final HIPAA privacy and security regulations, as amended by the HITECH Act and the Genetic Information Nondiscrimination Act, we pulled together a summary of some of the key points. We fully expect additional sub-regulatory guidance to be provided by OCR, such as frequently asked questions and sample business associate agreement provisions.

• Email This
• Print
• Comments
• Trackbacks

Recruiters are increasingly turning to social media to screen and recruit candidates. Jobvite’s 2012 Social Recruiting Survey found that 92% of respondents plan to use social media for recruiting.  Often, recruiters are viewing and considering information that should not be utilized in the hiring process.  LinkedIn is replete with information that should not be considered when searching for or selecting candidates.  Yet, the same survey found that LinkedIn is the most popular social networking site for recruiters. 

LinkedIn profiles likely contain photos of candidates and other information identifying a candidate’s race, ethnicity, age, disability, pregnancy, or religion.  Federal and state anti-discrimination laws prohibit companies from using such non-work-related information when hiring.  Additionally, the Equal Employment Opportunity Commission (EEOC) has issued regulations for the employment provisions of the Genetic Information Nondiscrimination Act (GINA) that prohibit acquisition of “genetic information” through social media.  

The EEOC also has made clear that it is focusing its litigation efforts on eliminating systemic discrimination, such as discriminatory barriers in recruitment and hiring. The EEOC’s Compliance Manual states that bias is not always conscious, and that actions infected by stereotyped thinking or other forms of less conscious bias are discriminatory.  It further states that it is discriminatory to use a screening procedure that has a significantly disparate impact.

Employers can separate recruiters who screen applicants through social media from individuals who are making the hiring decision.  This would require a recruiter to search applicants online, scrub prohibited information, and deliver scrubbed profiles to a decision maker. This may be difficult for employers to act on without careful attention to details and legal guidance to avoid significant risks.  The process relies heavily upon a recruiter’s knowledge of employment laws to scrub prohibited information. Avoiding the issue because of its burdensomeness is fast being scrubbed as an option for employers.

Companies also can utilize third parties to screen applicants through social media as long as they are aware of the pitfalls.  First, many employers make little or no effort to determine whether the third party recruiters have developed appropriate safeguards.  Second, the Federal Trade Commission (FTC) has stated that employers who rely upon third parties for social media information about candidates must comply with the Fair Credit Reporting Act (FCRA).  

FCRA requires that an employer notify an applicant when it takes adverse actions based upon a consumer report.  Employers also must provide the rejected applicant with notice of his or her right to view the data relied upon as well as give the individual the opportunity to dispute any inaccurate or incorrect information.  Employers failing to comply with FCRA can be subject to tremendous liability.  For example, Spokeo, Inc., a website that collects and sells detailed consumer information by compiling online data, recently agreed to pay $800,000 to settle FTC charges alleging that it violated FCRA in the employment screening context. 

The EEOC, OFCCP (Office of Federal Contract Compliance Programs), and FTC are beginning to scrutinize employers that use social media to screen applicants.  Unfortunately, LinkedIn and other social media sites do not yet maintain a “safe” site for recruiters.  Employers need to anticipate government inquiry and not await the knock on the door.  Recruiters should be restricted from considering prohibited information about applicants, whether they are working on company time or researching an applicant on their own time.  They need appropriate social media guidelines and policies that are compliant with a host of laws.  Further, they need to be properly trained. 

Ignoring this problem or simply outsourcing recruitment to a third party without careful consideration of these issues and a recruiter’s qualifications is a recipe for lawsuits.

• Email This
• Print
• Comments
• Trackbacks

Complying with the Genetic Information Nondiscrimination Act (GINA) is a growing concern for employers and others. We have developed a comprehensive set of frequently asked questions concerning this new law. If you are interested in learning more about GINA:

• click here for our comprehensive set of frequently asked questions concerning this new law.
• click here for prior articles.

• Email This
• Print
• Comments
• Trackbacks

Have you ever reviewed the Facebook or LinkedIn profile or other social media activity of an employee or applicant? How about requiring employees or applicants to provide access to social media activity as a condition of employment. The Maryland and Illinois legislatures would like to limit employers' ability to engage in this kind of activity with new laws that would be the first of their kind in the nation.

UPDATE - Newly enacted Maryland law prohibits employers from demanding access to Facebook or other on line accounts of employees and applicants.

Maryland. Under one version of the law in Maryland, H.B. 364, employers would not be permitted to

• require an employee or applicant . . . to disclose any user name, password, or other means for accessing any internet site or electronic account through an electronic device, or
• require an employee to install on the employee's personal electronic device software that monitors or tracks the content of the electronic device.  

Under this bill, the employer could not discipline the employee or refuse or fail to hire the applicant for not complying with such requests. However, an employer could require an employee to disclose username, password or other means of access to the employer's internal computer or information systems. 

The provision that would prohibit employers from monitoring or tracking content on electronic devices would present a dilemma for employers faced with various legal and ethical obligations to safeguard personal and other confidential data. Many employers are struggling to find ways to track, limit, and in some cases encrypt, personal and other confidential information maintained on portable electroinc devices, including the personal devices of employees. This bill would make that process more challenging, particulalry for businesses with nationwide operations in heavily regulated businesses such as healthcare, insurance, finance and so on.   

Two other bills (H.B. 310, S.B. 434) also are being considered that would prohibit public and nonpublic colleges and universities from making similar demands on students and applicants.

Illinois. The Illinois law being considered (H.B. 3782) would make it unlawful for "any employer to ask any prospective employee to provide any username, password, or other related account information in order to gain access to a social networking website where that prospective employee maintains an account or profile."

Existing Risks with Searching/Monitoring the Social Media Activity of Employees or Applicants. The Maryland and Illinois laws, if passed, may be the first of their kind, but they certainly are not the first risks employers have faced when engaging in this kind of activity. In fact, there are a range of existing risks employers must consider, such as

• Finding medical information protected under the American with Disabilities Act or the Genetic Information Nondiscrimination Act.
• Acting inconsistently when similar information is found about different applicants/employees/executives.
• Acting on information that is not true.
• Intruding into private areas.  
• Failure to document the steps taken in conducting the search.
• Not realizing the Fair Credit Reporting Act may apply and require consent and notice requirements.
• Unlawfully limiting protected concerted activity under the National Labor Relations Act.

Employers therefore need to proceed carefully when using social media as a tool for making decisions concerning hiring, promotion, discipline, and termination.  Assessing whether to engage in such activity, how and when to do so, who should be authorized to search and monitor in this way, and what training should be provided can go a long way to minimizing these risks.

• Email This
• Print
• Comments
• Trackbacks

In connection with its coverage of national signing day, ESPN.com recently highlighted that social media is increasingly being utilized by coaches to contact, recruit and gather information about players. For players, it's a way to get recruited, control the message and interact with fans and other recruits at unprecedented levels.  And, like in the workplace, misuse of the media can have unfortunate consequences. A New Jersey high school prospect recently found this out when he was expelled from Don Bosco Preparatory after questionable posts were viewed on his Twitter account.  We have noticed similar trends and similar missteps in the employment context, where social media is often being utilized by companies and employees without first being well thought out. 

While the NCAA does provide some social media regulations, online interaction is far less regulated than more “old fashioned” forms of communication. According to Gregg Clifton, Co-chair of the Jackson Lewis’ Collegiate and Professional Sports Industry Group, “The days of face-to-face interaction between coach and recruit have been forever transformed. While the NCAA limits direct phone contact and texting by coaches to recruits, current NCAA regulatory freedom still permits coaches to use social media to contact, recruit, and gather information about players they are considering for their programs.” Similarly, both state and federal employment law struggle to keep up with the ever expanding social media realm.  This was most recently highlighted by the NLRB General Counsel’s report on social media. Consequently, even for employers that do have social media policies, they often do not address key issues such as the company’s presence on-line, regulatory requirements that apply in their industry, and how managers and supervisors should and should not be using the medium. In fact, as shown by many of the NLRB’s rulings discussed in the recent report, many policies contain overbroad proscriptions that violate a variety of laws.  

To keep up with social media, some schools are hiring individuals to monitor the social media of prospective student-athletes and to make sure that improper interaction is not occurring, as well as to ensure confidential information, such as under FERPA, is not being disclosed.  Employers too are seeking to hire individuals to not only assist in utilizing social media for marketing, but also individuals who can monitor how social media is and should be utilized in employment decisions.  This is particularly true for statutes and regulations which one may not necessary link with social media.  For example, employers often don’t realize that they may improperly acquire genetic information in violation of the GINA by “friending” or “following” employees or applicants. 

Of course, schools also are employers…so, while universities and colleges need to institute effective policies and procedures to address their use of social media in recruiting, they also must address social media usage in the employment context.  

• Email This
• Print
• Comments
• Trackbacks

The ECRI Institute recently published an excellent summary of key issues for hospitals concerning social media (registration required), a valuable read for any hospital administrator, risk manager or human resources director. ECRI reports that approximately 4,000 U.S. hospitals own social media sites and that number is sure to grow significantly. One of the reasons for this growth will likely be due in significant part to the increasing number of people looking to social media to research health decisions. According to a National Research Corporation survey cited in the summary, 41% of nearly 23,000 respondents said that they used social media for this purpose.

The summary discusses critical areas for healthcare organizations to consider concerning social media, which can be applied to most other industries:

• Understand the medium - what is social media, what are the different venues (Facebook, LinkedIn, FourSquare etc.), what is the competition doing, what new media is coming.
• Determine desired uses - promotion of services/sales, recruiting, reputation management, community involvement, education, and so on. 
• Assess risks - privacy, network security, employment, reputation, regulatory, malpractice, and protecting the brand.
• Develop policies and procedures - control company message and regulate employee activity.
• Implement and train and reevaluate - limit the number of employees who can speak for the organization, train employees on legal risks (such as with HR looking up applicant/employee background information on line), determine whether social media plan is producing desired results

Businesses in all industries are "going social," and should be developing a comprehensive plan before doing so. The ECRI summary provides a good starting point for thinking through some of the issues, particularly for those in healthcare.   

• Email This
• Print
• Comments
• Trackbacks

The Minnesota Supreme Court issued a decision on November 16, 2011 holding that the state's Genetic Privacy Act, Minn. Stat. Section 13.386 (2010) restricts the collection and use of blood samples taken from newborns pursuant to the state's Newborn Screening Statutes, Minn. Stat. Section 144.125-128.  The litigation, captioned Bearder et al v. State of Minnesota, was initiated by a group of families with children born between 1998 and 2008 who challenged the newborn screening program run by the Minnesota Department of Health ("DOH"). The DOH's program requires the collection of blood samples from newborn children within the fifth day of birth. The DOH analyzes the sample for the presence of substances that indicate the presence of a metabolic disorder. Only one of the many tests, a second level test for cystic fibrosis, analyzes DNA or RNA.  If a portion of any blood sample remained after screening tests were completed, the DOH either stored the sample indefinitely or allowed the Mayo Clinic to use the samples for unrelated studies, provided the samples had been either de-identified or Mayo had received written consent from the child's legal guardian.

Plaintiff's claimed that the Minnesota Genetic Privacy Act required the DOH to obtain informed consent before it could collect, use, store, or disseminate the samples that remained after the newborn health screening was complete. The trial court and Minnesota Court of Appeals rejected plaintiffs' argument, but the Minnesota Supreme Court reversed, holding that the Genetic Privacy Act placed limits on the DOH's practices. A central question in the case was whether a blood sample was properly considered "genetic information" as the term is defined in the state law. The Court held that it was, with one justice dissenting on that question.

Minnesota's Genetic Privacy Act was passed in 2006 as part of the Data Practices Act which governs the use and disclosure of information by state and local government.  Although it is unclear whether the Minnesota Legislature intended to limit section 13.386 to public entities, the plan language of the statute suggests it may govern the collection of genetic information by private companies and employers as well. It certainly serves as a reminder that there is a growing body of federal and state regulation in the area of medical privacy. The lawsuit also highlights the public's growing concern about the use of genetic information and may portend more litigation under federal laws such as GINA - the Genetic Information Nondiscrimination Act. 

• Email This
• Print
• Comments
• Trackbacks

The confidentiality of medical records requirement under the Americans with Disability Act (ADA) is violated when an employer discloses a current or former employee's medical records in response to a state court subpoena absent the employee's release or some other exception under the ADA, the Equal Employment Opportunity Commission (EEOC) recently held in Bennett v. U.S. Postal Serv., 2011 WL 244217 (E.E.O.C.), Jan. 11, 2011.

Companies frequently receive requests for information about current and former employees. These requests often come in the form of an attorney's demand letter or a subpoena and apply to the individual's medical records. Those receiving such requests typically feel compelled to respond without taking the time to think through issues such as: 

• what kind of information in contained within the files being requested;
• what specific statutory or regulatory protections apply for some or all of the information being requested (see below);
• is a response appropriate without an authorization of the individual or giving an individual an opportunity to object;
• is a court order needed for some or all of the information being requested; and
• what safeguards should be taken to ensure the disclosure is secure.

As we have reported previously, failing to think through these issues can be a costly trap for the unwary.

EEOC Analysis

In the Bennett decision cited above, the EEOC sets out the basic ADA requirements concerning confidentiality of employee medical records:

Title I of the [ADA] requires that all information obtained regarding the medical condition or history of an applicant or employee must be maintained on separate forms and in separate files and must be treated as confidential medical records. [Citations omitted]. These requirements also extend to medical information that an
individual voluntarily discloses to an employer. [Citations omitted]. The confidentiality obligation imposed on an employer by the ADA remains regardless of whether an applicant is eventually hired or the employment relationship ends. [Citations omitted]. These requirements apply to confidential medical information from any applicant or employee and are not limited to individuals with disabilities. [Citations omitted].

The decision goes on to explain the general exceptions to these requirements:

• supervisors and managers may be informed regarding necessary restrictions on the work or duties of the employee and necessary accommodations;
• first aid and safety personnel may be informed, when appropriate, if the disability might require emergency treatment; 
• government officials investigating compliance with this part shall be provided relevant information on request;
• employers may disclose medical information to state workers' compensation offices, state second injury funds, workers' compensation insurance carriers, and to health care professionals when seeking advice in making reasonable accommodation determinations; and
• employers may use medical information for insurance purposes.

The EEOC found that the Postal Service's disclosure of Mr. Bennett's medical records in response to the subpoena issued by the Galveston County 405th District Court did not fall into one of these exceptions. The EEOC held that while the ADA allows an employer to comply with the requirements of another federal statute or rule, even if in conflict with the ADA, "it is not a valid defense to argue that the [Postal Service's] actions were required by state law," (emphasis added) unless one of the ADA exceptions applied.  The Commission also noted the subpoena in this case was signed and issued by the Deputy Clerk, and did not qualify as an “order” for purposes of the Privacy Act of 1974, on which the Agency attempted to rely to permit the disclosure.

Because of this violation of the ADA, the EEOC ordered the Postal Service (i) to start an investigation into compensatory and other damages that may be due to Mr. Bennett,  (ii) to conduct training concerning the ADA's confidentiality requirements, and (iii) to prepare a report regarding corrective action. The Postal Service also may be responsible for Mr. Bennett's attorneys' fees, among other things.

Is the ADA the only concern?

In short, no, the ADA is only one protection for medical and other personal information that could trigger exposure for a company that improperly discloses such information. There is an increasing array of federal and state laws that need to be examined, as appropriate, before responding to a request:

• GINA: Regulations issued under Title II (GINA's employment provisions) provide that  employers that possess genetic information must maintain the information in confidence and may not disclose that information except in limited circumstances, such as (i) at the request of the employee, (ii) in response to a court order, (iii) to respond to a request from a government official investigating GINA compliance, or (iv) in support of an employee’s FMLA certification. The preamble to the GINA regulations provides that the court order exception "does not allow disclosures in other circumstances during litigation, such as in response to discovery requests or subpoenas that are not governed by an order specifying that genetic information must be disclosed. Thus, a covered entity’s refusal to provide genetic information in response to a discovery order, subpoena, or court order that does not specify that genetic information must be disclosed is consistent with the requirements of GINA." Additionally, the individual whose genetic information is disclosed may need to be notified. 
• HIPAA: The privacy regulations under HIPAA likewise generally prohibit the disclosure of "protected health information" except in limited circumstances. HIPAA regulation 45 CFR 164.512(e), among other exceptions to the general rule, provides an exception for disclosures in connection with administrative and judicial proceedings. But one of the first questions to ask is whether the information being sought is "protected health information." Very often, employee medical information in a personnel or medical file is not, in the hands of the employer, protected health information subject to HIPAA. 
• 42 USC Part 2: Federal law provides very stringent protection for records relating to substance abuse treatment at certain federally funded facilities. 
• State law: Many states have laws protecting certain classes of medical records from disclosure without taking appropriate safeguards to address confidentiality. This includes application of the physician-patient privilege, as well as statutes and regulations dealing with specific types of information, such as mental health records. 

Because of these issues, businesses should develop a clear policy and procedure to direct employees on how to respond when they receive these requests. 

• Email This
• Print
• Comments
• Trackbacks

The long awaited final Title II regulations under the Genetic Information Nondiscrimination Act (GINA) will be issued tomorrow, November 9, 2010. The Equal Employment Opportunity Commission published proposed regulations under Title II of GINA on March 2, 2009. A period of public comment followed. The final regulations will have an impact on a number of employment practices, including wellness programs. We will be reviewing these regulations together with our Disability, Leave and Health Management Group, as well as our Employee Benefits Group. This guidance is welcomed news as litigation concerning GINA in the workplace has already commenced.

In general, Title II of GINA prohibits use of genetic information in the employment context, restricts
employers and other entities covered by Title II from requesting, requiring, or purchasing genetic
information, and strictly limits such entities from disclosing genetic information. The law
incorporates by reference many of the familiar definitions, remedies, and procedures from Title
VII of the Civil Rights Act of 1964, as amended, and other statutes protecting federal, state, and
Congressional employees from discrimination.

• Email This
• Print
• Comments
• Trackbacks

Co-authors: Frank Alvarez, Michael Soltis, and Joseph Lynett

ABC News has reported that a Fairfield, Connecticut woman, Pamela Fink, yesterday filed claims with the U.S. Equal Employment Opportunity Commission and the Connecticut Commission on Human Rights and Opportunities that her employer violated GINA when it terminated her employment on March 25, 2010. The federal Genetic Information Nondiscrimination Act (GINA) (pdf), which went into effect for employment law purposes on November 21, 2009, prohibits discrimination by employers on the basis of an employee’s “genetic information.” Final EEOC regulations on GINA have not been released.

According to the ABC and other news outlets, after genetic tests and family history indicated Ms. Fink was at risk for breast cancer, she underwent a preemptive double mastectomy. She alleges the termination of her employment, approximately five months after her procedure, was the result of informing her employer of her genetic test results that showed she carried the BRCA2 gene. Under GINA, “genetic information” includes a genetic test (defined in the statute as an “analysis of human DNA, RNA, chromosomes, proteins, or metabolites, that detects genotypes, mutations, or chromosomal changes”).

Her complaint is believed to be the first in the country brought under the employment provisions of GINA. It surely will be watched closely as employers begin to understand the scope of protections for employees under this new law. Employers are awaiting final EEOC regulations, which they hope will clarify the requirements under GINA, among them Title II, Section 202 of the statute. That section provides:

(a) DISCRIMINATION BASED ON GENETIC INFORMATION.—It shall be an unlawful employment practice for an employer—

(1) to fail or refuse to hire, or to discharge, any employee, or otherwise to discriminate against any employee with respect to the compensation, terms, conditions, or privileges of employment of the employee, because of genetic information with respect to the employee; or

(2) to limit, segregate, or classify the employees of the employer in any way that would deprive or tend to deprive any employee of employment opportunities or otherwise adversely affect the status of the employee as an employee, because of genetic information with respect to the employee.

The result of Ms. Fink’s case will not be known for some time. Employers, meanwhile, need to think about how this law affects their employment practices, as well as the group health plans (including any wellness programs) they sponsor for employees. (Title I of GINA specifically applies to group health plans.) We have written extensively on this topic here and elsewhere (pdf).

• Email This
• Print
• Comments
• Trackbacks

The Genetic Information Nondiscrimination Act (GINA) [pdf], signed into law in May 2008, prohibits discrimination by health insurers and employers based on individuals’ genetic information. Genetic information includes the results of genetic tests to determine whether someone is at increased risk of acquiring a condition (such as some forms of breast cancer) in the future, as well as an individual’s family medical history. It is family medical history information that presents the biggest challenge for employers.

In its announcement about the effective date of the regulations, the Equal Employment Opportunity Commission Acting Chair Stuart J. Ishimaru writes: 

GINA affirms the principle central to all employment discrimination laws – that all people have the right to be judged according to their ability to do a job, not on stereotypical assumptions . . . No one should be denied a job or the right to be treated fairly in the workplace based on fears that he or she may develop some condition in the future.

Specifically, the law prohibits the use of genetic information in making employment decisions, restricts the acquisition of genetic information by employers and others, imposes strict confidentiality requirements, and prohibits retaliation against individuals who oppose actions made unlawful by GINA or who participate in proceedings to vindicate rights under the law or aid others in doing so. The same remedies, including compensatory and punitive damages, are available under Title II of GINA as are available under Title VII of the Civil Rights Act and the ADA.

Acting Vice Chair Christine Griffin said,

Title II of GINA is an ideal complement to the ADA Amendments Act. With both laws now effective, American workers are protected if they experience discrimination because of their disability or because of impairments they may develop.

To date, employers’ only regulatory guidance for the employment provisions of GINA (Title II) is a Notice of Proposed Rulemaking, published by the EEOC March 2, 2009. For health plans, which are subject to Title I of GINA, interim final regulations become effective for plan years beginning on and after December 7, 2009.

Employers should be reviewing their employment practices and health plans and wellness plans for compliance with GINA as soon as possible.

Click here for more information about how GINA affects employers.

Click here for more information about how GINA affects health plans. 

Click here for more information about how GINA affects wellness programs.

Click here for information about the new Equal Employment Opportunity Poster that includes information about GINA.

• Email This
• Print
• Comments
• Trackbacks