Because of increasing regulatory scrutiny under privacy laws, employers should take extra care in safeguarding personnel files and medical records, treating them as they would any other confidential company information.
Employers should keep personnel files stored securely in a locked cabinet, and make them available only to managers or supervisors who have a legitimate business reason to access them.
When it comes to employees’ medical records, there are strict laws governing the treatment of these files, as set forth by the Health Insurance Portability and Accountability Act (HIPAA) and the Americans with Disabilities Act (ADA).
ADA rules require that medical records be kept separate from other personnel files and strictly confidential. They may be made available only to government officials, insurance companies that require medical exams, first aid and safety workers if needed to treat an employee, or the employee’s supervisor if the employee’s disability affects their work schedule or duties.
In addition, the Genetic Information Nondiscrimination Act (GINA) prohibits employers from gathering genetic information on employees. However, if an employer becomes privy to this information inadvertently, the employer is required to store it in separate, confidential files.
HIPAA imposes regulations on employers with more than 50 employees who administer their own health plans, requiring the appointment of an internal privacy supervisor, the adoption of policies and procedures to protect employee privacy, and the notification of employees of those privacy rights. To ensure compliance, employers should consult with a Creative Business Lawyer™.
If you are an employer needing information on the development of employee policies and procedures that conform with federal and state law, contact us to schedule your comprehensive LIFT™ (legal, insurance, financial and tax) Foundation Audit.