Privacy Matters When Handling Employee Medical Files

We know that privacy is a primary concern for any properly run wellness program. We wrote about the new EEOC rules here. An analysis can be found here.

The Chicago Business Journal runs a useful piece titled “How to avoid mismanagement of employee medical files.” In the piece, Michael Henckel an associate editor at J. J. Keller & Associates, a compliance resource company, writes: “Contrary to popular belief, the most significant law for employers with regard to medical privacy is the Americans with Disabilities Act (ADA), not the Health Insurance Portability and Accountability Act (HIPAA).”

Henkel states that “under the ADA, any employment-related documentation containing medical information must be maintained in separate, confidential files, completely independent from the general personnel file.”

What is medical information? According to the piece: “Anything related to an employee’s medical condition. It might be the results from pre-employment physical exams, information the employee provides about medications or medical history, and even information obtained through a wellness program.”

The article goes on to explain:

  • How many separate files must be kept
  • How to handle paper vs. electronic files
  • What types of information can be disclosed