As discussed in the November newsletter, when it comes to employee information, there remains a gray area between sharing and sharing too much. To help shed some light on the subject, we reached out to legal experts from KJK, Tucker Ellis LLP, and Thompson Hine LLP to get their input on the matter and have them weigh in on factors to consider when it comes to sharing employee information.
According to KJK, there are several federal laws that require employers to keep their employee’s health-related information confidential. These include: The Americans with Disabilities Act (the ADA), The Genetic Information Nondiscrimination Act (GINA), and The Health Insurance Portability and Accountability Act (HIPAA).
The ADA and GINA typically prevent employers from collecting health information from employees. However, exceptions may be made (with limitations) for voluntary wellness programs, including:
- Employers keeping the programs voluntary
- Shared information being kept confidential & separate from other records
- Health information not being used to make employment decisions
- Requiring employees to provide written authorization stating they understand the terms of sharing their information.
When asked if it is possible to be too cautious when it comes to sharing employee information, Tucker Ellis LLP weighed in saying the reason many employers refuse to disclose information is because of the potential for significant HIPAA violations and penalties. That’s why it’s important to not only know what’s deemed as protected health information, but to understand the disclosure of such information is prohibited unless otherwise permitted.
Along with the concern for HIPPA violations, is a growing concern for identity theft. While employers are generally allowed to collect certain information as part of the hiring process, Thompson Hine discussed the concern employees have about that information being shared outside of their relationship with their employer. As a result of these concerns, many states have placed restrictions on how employers use information (like social security numbers and dates of birth) and stretched restrictions to cover additional information like home addresses, telephone numbers, and email addresses.
If this kind of information is collected by an employer’s group health plan, it is usually protected health information and therefore protected by HIPAA. However, it can still be shared with a vendor (without the employee’s consent) upon having a business associate agreement with the health plan. That being said, it’s the employer’s responsibility to make sure that the disclosure of employee information is not in violation of applicable law, and that the vendor agrees to honor the confidentiality of the information.
Sharing employee health information is important for improving satisfaction, health, and costs. But to avoid the looming issues and concerns about confidentiality, it’s important to ensure employees and their employers are on the same page when it comes to sharing information.
Click here for access to the full articles from KJK, Tucker Ellis, and Thompson Hine.