OR WAIT null SECS
Rachel V. Rose, JD, MBA, advises clients on compliance and transactions in healthcare, cybersecurity, corporate and securities law, while representing plaintiffs in False Claims Act and Dodd-Frank whistleblower cases. She also teaches bioethics at Baylor College of Medicine in Houston. Rachel can be reached through her website, www.rvrose.com.
A few notable items seemingly intersect with the Health Insurance Portability and Accountability Act (HIPAA).
On May 28, 2021, the U.S. Equal Employment Opportunity Commission (EEOC) updated its Technical Assistance Questions and Answers (hereinafter “EEOC Guidance”) in relation to COVID-19. There are a few notable items, some of which seemingly intersect with the Health Insurance Portability and Accountability Act (HIPAA).
First, the EEOC Guidance serves as a reminder that the Americans with Disabilities Act (ADA) “applies to private employers with 15 or more employees. It also applies to state and local government employers, employment agencies, and labor unions. All nondiscrimination standards under Title I of the ADA also apply to federal agencies under Section 501 of the Rehabilitation Act.”
Second, it answers the question regarding how much information an employer may request from an employee who calls in sick in order to protect the rest of its workforce. The EEOC’s answer:
“[d]uring a pandemic, ADA-covered employers may ask such employees if they are experiencing symptoms of the pandemic virus. For COVID-19, these include symptoms such as fever, chills, cough, shortness of breath, or sore throat. Employers must maintain all information about employee illness as a confidential medical record in compliance with the ADA.” (emphasis added).
This is sage advice, regardless of the size of an organization—treat all sensitive medical information as if it were a patient’s protected health information. Even though HIPAA’s Privacy Rule does not apply to employment records, the Privacy Rule does apply to medical or health plan records if a workforce member is a patient of their provider-employer or a member of a health plan. In light of various state laws, as well as general privacy considerations, employers should always remember not to mention an individual employee by name, even if other workforce members need to be tested as a result of a potential exposure.
As far as COVID-19 vaccinations are concerned, as indicated in the EEOC Guidance, “federal EEOC laws do not prevent an employer from requiring all employees physically entering the workplace to be vaccinated for COVID-19, subject to the reasonable accommodation provisions of Title VII and the ADA and other EEO considerations.” This notion applies whether or not the employer administers the vaccine, or the employee gets the vaccine elsewhere. The critical considerations for employers are to require the vaccine of all employees in order to avoid a discrimination suit, have a process defined in a policy and procedure to address potential accommodations and expressly state that the accommodation may be granted so long as it “does not pose an undue hardship on the operation of the employer’s business.” In sum, these items are particularly notable in a healthcare setting and providers are encouraged to consult outside counsel if a situation arises that cannot be reasonably accommodated.