Posted: June 20th, 2021
Employees of an organization should expect for their health information to remain private. Just as the government has found it necessary to create laws to protect employees from discrimination, they have had to create laws to safeguard an employee’s protected health information (PHI). These laws include: Health Insurance Portability and Accountability Act of 1996 (HIPAA), Americans with Disabilities Act (ADA) and Occupational Safety and Health Act (OSHAct).
While each law explicitly protects employee health information, it also allows employers to use certain PHI to meet certain requirements of each law and to ensure the safety of employees. What is Protected Health Information? What is protected health information? According to Davis and Salver-Malyska, protected health information is defined as individually identified health information transmitted electronically or maintained or stored on any electronic media (2003, p. 31-32).
In the United States the HIPAA Privacy Rule allows employers if acting as Plan Administrator to obtain certain PHI. There is no way around this, because the administrator must ask the employee’s doctor to complete certifications and provide back the employers. Companies that have an HMO and also have Workman Compensation, Family Medical Leave Act (FMLA), Short-term and Long term Disability plans will require the doctor or the employee to provide medical certifications that support the need for the employee to be on leave or restricted duty.
Under the FMLA, companies are required to also get PHI for an employee’s family member is the leave is requested to take care of a sick or injured family member. Other types of PHI collected by employers include, pre-employee physical information, drug testing prior to employment and random testing. This information is required as part of the hiring process or company liability coverage depending on the nature of the business or job. According to Cascio, the employer is required to indicate if a leave is FMLA and the reason for the leave (2010, p. 9). Ethical and Trust Issues At issue with each type of PHI collected or reviewed there is the potential of the employee’s privacy being compromised? If companies to not set standard, required policies and procedures for those employees requesting and handling the PHI, then there could be major breaches. Once the breach as occurred, an employee’s trust is eroded. Managers and supervisors should be provided training, as most of the information for Workman Comp, FMLA or STD claims is already provided to the employee’s management.
But even still, employers cannot directly ask health care providers the nature of an employee’s situation unless the employee has provided or agreed to release the information. According to Colquitt, Lepine and Wesson, trust by an employee is their implied and explicit agreement to allow themselves to be vulnerable to a trustee (2009, p. 219). Just the thought of PHI being made accessible to individuals who may not be trustworthy creates considerable distress by the employee. An example, of distressed trust, would be an employee who is HIV positive, who is required to take a pre-employment physical.
While in theory and supposed practice, an employer is not to request a pre-employment physical until after the offer I made. Nonetheless the employee would still have feelings of reluctance to allow the testing just to get a job. Another example includes the employee who is covered by the ADA, where a company must make reasonable accommodations for the employee’s disability. Which means management and HR must ask the question and place into service, the items or accommodations they employee need to meet the projected expectations. In January 2009, the Bush administration published updated FMLA regulations. One key section clarifies the rules regarding who may request additional information about an employee’s FMLA certification—and how it should be sought”. Recommendations In my experience as a manger, I refrain from asking employees PHI regarding them or their families. When you have employees who have small children, elderly parents and a disabled spouse, managers must ensure that they never ask an employee “what is wrong”?
Not only should HR provide training on basic requirements for Workman Comp and HIPAA. Each manager must put safeguards in place to ensure employee records are not compromised. My company has established a process that removes the need to certify or review medical information for return to work instances. Employees submit items directly to an HR professional and not to the manager or supervisor. By doing this it removes the possibility of deliberate or unconscious violation of the employee’s privacy rights.
Colquitt, J. A., Lepine, J. A., & Wesson, M. J. (2009). Organizational Behavior;Improving Performance and Committment in the Workplace. New York: McGraw Hill. Cascio, W. F. (2010). Managing Human Resources: Productivity, Quality of Work Life, Profits. New York: McGraw-Hill Companies, Inc. Davis, V., & Silver-Malyska, T. (2003). Employers Liability for Use and Disclosure of Individual Health Information: HIPAA Privacy and Employer Functions. Benefits Law Journal, 16(2), 29-46.
Place an order in 3 easy steps. Takes less than 5 mins.