Sponsored by Oregon Business

HR: Navigating the medical-rights minefield

| Print |  Email
Monday, January 01, 2007

If you are like the vast majority of employed people, you have learned something at work about a co-worker’s illness or medical condition. It can be as specific as someone telling you about their medical issues, or as vague as someone commenting in hushed tones that they heard a fellow employee has a serious or terminal illness.

Some privacy rights follow employees into the workplace, and other rights are conveyed by specific laws and regulations. Employers are challenged in understanding the obligations and restrictions placed on the exchange of information about employees and their personal medical status.

First, the basics: There is a law covering almost all employers that says any information about medical conditions and treatments is Protected Health Information (PHI), and that employers must take great care in how they communicate that information with benefit plan providers and within the organization. That law is the Health Insurance Portability and Accountability Act (HIPAA).

Another law, the Americans with Disabilities Act (ADA), requires employers with 15 or more employees to reasonably accommodate employees with disabilities.

A “disability” is defined as:

  • a physical or mental impairment that substantially limits one or more major life activities;
  • a person with a record of such an impairment; or
  • a person regarded as having such an impairment.

Some examples of major life activities are such things as walking, sitting, standing, seeing, hearing, breathing, working, and caring for oneself. The law also requires that the medical condition requiring accommodation not be disclosed by the organization to others, including, in most cases, the supervisor and co-workers.

These privacy requirements necessitate a delicate balancing between the employee’s right to personal privacy on the job and the employer’s need to maintain a safe, efficient and productive workplace. The simple act of sharing a medical diagnosis with the employee’s supervisor without the employee’s express (written) permission, even when the employee is the one who told you their condition, can result in a violation of the employee’s right to privacy. 

So is there a way through this maze? The answer is a qualified “yes.”  Here is what employers need to do.

  • Be aware of the privacy requirements contained in the various laws that pertain to the organization.
  • Assure employees that the organization takes its responsibility to maintain appropriate employee privacy seriously.
  • Encourage employees to share critical information with key parties on their own, or authorize in writing the sharing of that data. Any such authorization should include what information is to be shared and with whom.
  • Have a written policy about the confidentiality of employee information, including any medical information that the employer becomes aware of.
  • Train supervisors and managers about the privacy requirements and strongly advise that no inappropriate disclosure of information is to occur.
  • Have a process by which employees can bring to management’s attention any concerns they have about the inappropriate disclosure of personal information.

This last step is critical because it gives an organization an opportunity to try to resolve any issues or correct problems before an employee takes their concern to an outside attorney specializing in privacy lawsuits.

In this day when the fears about “big brother” are too often being realized, we all want our personal information to stay private at work. By taking this concern seriously and working to have appropriate protections in place, employers can create greater trust with employees and meet compliance requirements at the same time.

— Judy Clark, SPHR
CEO, HR Answers
This e-mail address is being protected from spambots. You need JavaScript enabled to view it


EPIC is a public interest research center in Washington, D.C, created to focus public attention on emerging civil liberties issues and to protect privacy, the First Amendment, and constitutional values. Go to www.epic.org.

The Office for Civil Rights–HIPAA addresses such issues as medical privacy and the National Standards to Protect the Privacy of Personal Health Information. Go to www.hhs.gov/ocr/hipaa.

The Center for Democracy and Technology is a nonprofit public policy organization “dedicated to promoting the democratic potential of the Internet.” Check out its medical information section at www.cdt.org/privacy/medical.

The Health Privacy Project’s Fact Sheet 8 explains how private your medical records really are. Go to www.privacyrights.org/fs/fs8-med.htm.




More Articles

Salad Days

October 2015
Monday, September 28, 2015

How Portland's Garden Bar plans to become the Starbucks of salad.


Big Trouble in China?

Guest Blog
Tuesday, August 18, 2015
0818-wellmanthumbBY JASON NORRIS | CFA

Earlier this month, the People’s Bank of China (PBoC) announced they were going to devalue their currency, the Renminbi. While the amount of the targeted change was to be roughly 2 percent, investors read a lot more into the move. The Renminbi had been gradually appreciating against the U.S. dollar (see chart) as to attempt to alleviate concerns of being labeled a currency manipulator.


Photos: 100 Best Nonprofits to Work For in Oregon awards dinner

The Latest
Thursday, October 01, 2015
100best202thumbPHOTOS BY JASON E. KAPLAN

Images from the big 2015 celebration of worker-friendly organizations that make a difference.


Have a baby and keep a job? It won’t be easy in Portland

The Latest
Friday, October 02, 2015
100115kimblogthumbBY KIM MOORE

Our intrepid (and expecting) research editor finds the child care search involves long waiting lists, costly fees and no certainty of securing a place before she goes back to work.


New green wood building product takes off in Oregon

Thursday, September 10, 2015
091115-cltjohnson-thumbBY KIM MOORE

Oregon is set to become a hub of a new type of wooden building design as a southern Oregon timber company becomes the first certified manufacturer of a high-tech wood product, known as cross-laminated timber, or CLT.


Getting What You Pay For

September 2015
Wednesday, August 19, 2015

A conversation with Chris Maples, president of the Oregon Institute of Technology.



September 2015
Wednesday, August 19, 2015

Ben Kaiser holds his ground.

Oregon Business magazinetitle-sponsored-links-02