Medical Privacy at Work
My employer is shopping health insurance and has asked each employee to complete a thorough medical history questionnaire. I understand that an insurance company would require this for underwriting, however, I work at a very small firm and I have doubts of the privacy of the information I provide. Do I have any rights when it comes to keeping my medical history private from my employer, manager and the various co-workers who will no doubt be a part of the "insurance shopping"?
1 answer | asked Oct 9, 2008 10:12 AM [EST] | applies to Arizona
Answers (1)
Medical Privacy rights are limited
Your question seems straightforward enough, but requires a rather long and complicated answer. First, the Americans with Disabilities Act restricts what medical information an employer can request, and employers covered by that law cannot require employees "to complete a thorough medical history questionnaire" at all. See 42 U.S.C. §12112(d). But the ADA only covers employers who employ 15 or more employees, so your "very small firm" probably isn't covered. Likewise, the Family & Medical Leave Act, which allows employers to obtain information related to your need for medical leave, requires that the information be kept separate from personnel or other records, and restricts its use, see 29 C.F.R.§825.500(g). But the FMLA does not apply to employers who have fewer than 50 employees. The Health Insurance Portability and Accountability Act (HIPAA) includes detailed regulations regarding the use and maintenance of medical information to protect its privacy. Unfortunately, HIPAA has no individual remedies for violation of the Act, and it does not apply to employers, only to health care providers, health plans (i.e. insurance companies) and health care clearinghouses (companies that maintain records in databases for use by providers and insurance companies). See 42 U.S.C. §1320d-1(a) and enforcement regulations. So your only recourse in the event your employer violates your privacy by disclosing medical information beyond the "need to know" is to look to state law. HIPAA regulations do not supersede state laws that provide greater privacy protection. See 45 C.F.R. § 160.202. Arizona statutes protecting privacy of medical records and information apply to health care providers and contractors (companies who maintain and copy records for providers), but not to employers. See A.R.S. §12-2291 et seq. So the only protection you have against your employer's inappropriate disclosure of medical information is a common law suit for invasion of privacy. Unfortunately, the standard for proving this kind of claim requires proof of outrageous conduct by the employer. See Valencia v. Duval Corp., 645 P.2d 1262, 132 Ariz. 348 (App., 1982). So the bottom line is that the medical information you provide on the questionnaire may be only as secure as your employer chooses to make it.
posted by Francis Fanning | Oct 10, 2008 8:19 PM [EST]
Your question seems straightforward enough, but requires a rather long and complicated answer. First, the Americans with Disabilities Act restricts what medical information an employer can request, and employers covered by that law cannot require employees "to complete a thorough medical history questionnaire" at all. See 42 U.S.C. §12112(d). But the ADA only covers employers who employ 15 or more employees, so your "very small firm" probably isn't covered. Likewise, the Family & Medical Leave Act, which allows employers to obtain information related to your need for medical leave, requires that the information be kept separate from personnel or other records, and restricts its use, see 29 C.F.R.§825.500(g). But the FMLA does not apply to employers who have fewer than 50 employees. The Health Insurance Portability and Accountability Act (HIPAA) includes detailed regulations regarding the use and maintenance of medical information to protect its privacy. Unfortunately, HIPAA has no individual remedies for violation of the Act, and it does not apply to employers, only to health care providers, health plans (i.e. insurance companies) and health care clearinghouses (companies that maintain records in databases for use by providers and insurance companies). See 42 U.S.C. §1320d-1(a) and enforcement regulations. So your only recourse in the event your employer violates your privacy by disclosing medical information beyond the "need to know" is to look to state law. HIPAA regulations do not supersede state laws that provide greater privacy protection. See 45 C.F.R. § 160.202. Arizona statutes protecting privacy of medical records and information apply to health care providers and contractors (companies who maintain and copy records for providers), but not to employers. See A.R.S. §12-2291 et seq. So the only protection you have against your employer's inappropriate disclosure of medical information is a common law suit for invasion of privacy. Unfortunately, the standard for proving this kind of claim requires proof of outrageous conduct by the employer. See Valencia v. Duval Corp., 645 P.2d 1262, 132 Ariz. 348 (App., 1982). So the bottom line is that the medical information you provide on the questionnaire may be only as secure as your employer chooses to make it.
posted by Francis Fanning | Oct 10, 2008 8:19 PM [EST]
Answer This Question
Sign In to Answer this Question
Related Questions with Answers