Is Your Employer Required to Keep Your Medical Information Private?
- Fiffik Law Group, PC
- Mar 31
- 4 min read

Your medical history is intensely personal. You certainly wouldn't want it plastered on the company bulletin board. Disclosing sensitive medical information can lead to discrimination, stigma, and just plain discomfort. Nobody wants their boss knowing about their migraines, fertility treatments, or mental health struggles unless they choose to share that information. If you have a disability that causes issues with your work, you might be wondering whether your employer is required to keep your medical information private. The short answer is generally yes, but, as with most legal issues, there are nuances and exceptions. Let's break it down.
The Foundation: HIPAA Doesn't Always Apply (Unfortunately)
Many people automatically think of HIPAA (the Health Insurance Portability and Accountability Act) when discussing medical privacy. The HIPAA Privacy Rule defines what constitutes individually identifiable health information and how it should be protected from unauthorized uses and disclosures. While HIPAA is a powerful law, it primarily protects your medical information held by healthcare providers and health insurance companies. Your employer usually isn't covered under HIPAA in its role as an employer unless it’s directly involved in providing your healthcare (e.g., a company clinic). For example, a new employee’s health information disclosed to an HR department is not protected by HIPAA.
So, What Does Protect Me? Key Pennsylvania Protections:
Even without HIPAA, Pennsylvania and federal laws provide significant protections for your medical information held by your employer. Here are the main players:
The Americans with Disabilities Act (ADA)
The ADA, a federal law, is a HUGE protector when it comes to medical information. Here's how:
Pre-employment: Before you're hired, your employer generally can't ask you about your medical history or require a medical examination. They can only ask if you can perform the essential functions of the job with or without reasonable accommodation.
During employment: Once you're hired, the ADA limits when an employer can ask for medical information or require a medical examination. This is usually allowed only if it's job-related and consistent with business necessity. Think:
An employer noticing performance problems might ask for a medical exam to determine if it's related to a medical condition.
Requiring a fitness-for-duty exam after an employee takes leave due to a medical condition.
Confidentiality: The ADA mandates that any medical information obtained by your employer (whether through an exam, voluntary disclosure, or otherwise) must be kept confidential, separate from your personnel file, and only accessed by people who have a legitimate need to know. This usually includes HR personnel, supervisors involved in accommodation decisions, and potentially medical staff.
Pennsylvania Workers' Compensation Act:
If you're injured at work and file a workers' compensation claim, your employer (or, more accurately, their insurance carrier) will have access to medical information related to that injury. However, this information should still be kept confidential and used only for purposes related to the claim.
The Genetic Information Nondiscrimination Act (GINA): GINA protects you from discrimination based on genetic information. This means your employer can't request, require, or use your genetic information (or your family's genetic information) for employment decisions.
General Privacy Principles: Beyond specific laws, Pennsylvania courts generally recognize a right to privacy, which could extend to medical information, depending on the circumstances. However, this is a less clear-cut area of the law and highly fact-dependent.
Common Scenarios and Best Practices
Let's look at some common situations:
Sharing Medical Information for Accommodations
If you need a reasonable accommodation under the ADA (like a special chair, protection from environmental conditions in the workplace, or a modified work schedule), you will likely need to provide some medical documentation to support your request. Remember, your employer only needs enough information to understand your limitations and determine appropriate accommodations. They don't need your entire life story.
Returning from Medical Leave
As mentioned earlier, your employer can require a fitness-for-duty exam before you return to work after medical leave. This is to ensure you can safely perform your job duties.
Drug Testing
Many employers in Pennsylvania conduct drug testing. While you are technically providing a medical sample, these tests are typically treated differently than traditional medical information and are subject to their own set of regulations.
Authorizations
Your employer can share your medical information if you sign an authorization allowing them to do so. If presented with such a form, read it completely and do not sign it unless you understand it. You can also limit the time period during which it is effective and limit the persons with whom your employer is authorized to share your information.
What to Do If You Suspect a Privacy Breach
If you believe your employer has improperly disclosed your medical information or is using it in a discriminatory way, here's what you should do:
1. Set Expectations Early
If you’re sharing medical information with your employer, before doing so, ask about its policies on protecting your privacy and sharing information. Ask who will have access to your information and under what circumstances it might be shared.
2. Take Steps to Protect Your Information
Your information is only private if you’ve kept it private. If you share information with co-workers, your claim to privacy is weakened. Don’t send it to your employer via email or other unsecured means of communication. If you want your information to be private, then you have to treat it as private as well. When conveying your information, tell the recipient in the message that you deem the information to be confidential and that it is not to be shared with anyone without your express prior authorization.
3. Document Everything
Keep a detailed record of any disclosure incident, including dates, times, what was said, and who was involved.
4. Internal Complaint
Consider filing an internal complaint with HR, if you feel comfortable doing so.
5. Legal Consultation
Contact one of Fiffik Law Group’s employment attorneys to discuss your rights and options. We can help you determine if your employer violated the ADA or other relevant laws.
6. File a Charge
You may also be able to file a charge with the Equal Employment Opportunity Commission (EEOC) or the Pennsylvania Human Relations Commission (PHRC).
Key Takeaways:
While HIPAA doesn't typically apply to employers, other laws like the ADA provide significant protections for your medical information.
Your employer can only ask for medical information if it's job-related and consistent with business necessity.
Any medical information your employer collects must be kept confidential.
If you suspect a privacy breach, document everything and seek legal advice.
Have questions about your employer's medical privacy practices? Give our office a call. We're here to help protect your rights!