What Employers Need to Know About HIPAA
Monday, March 23, 2020
COVID-19 HIPAA Coronavirus
Print Mail Download i

As the COVID-19 pandemic continues to affect everyday business operations across the country, employers are confronting a variety of issues on how to handle these disruptions. The intent of this Legal Update is to educate employers about under what circumstances they are permitted to disclose information related to an employee’s or patient’s positive test for COVID-19 under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Americans with Disabilities Act (“ADA”).

It may be difficult in some circumstances to discern whether health information was received by an employer through its ordinary status as an employer or through its status as a self-insured health plan. Employers should take care in making this determination based on the facts and circumstances of each situation and seek legal counsel as needed.

Covered Entities under HIPAA

  • HIPAA defines “Covered Entities” to generally include health care providers, health plans, and health care clearinghouses.

  • Covered Entities may not disclose protected health information (“PHI”) unless permitted by HIPAA. An individual’s health status related to testing positive for COVID-19 is considered PHI.

  • One permitted disclosure under HIPAA is that Covered Entities may disclose PHI to public health authorities to the extent relevant to the authority and purview of public health authorities. This includes disclosing positive test results for COVID-19 to state and local health departments, HHS, or the CDC as appropriate.

  • Covered Entities may not disclose PHI to the media.

  • Unless an employer is otherwise a Covered Entity as described above, it is not subject to HIPAA’s restrictions on disclosures of PHI.

Confidentiality under the ADA

  • The ADA requires employers that obtain medical information through inquiry or examination to maintain it in a confidential medical file and keep it separate from the employee’s personnel file.

  • Employers have been encouraged by the CDC and EEOC to question their employees regarding travel, exposure, or symptoms related to COVID-19. Any medical information disclosed as part of this dialogue should be treated as confidential.

  • If a positive case is identified in the workplace, the employer is encouraged to investigate the exposure of others in the workplace without disclosing the name of the individual or any personally identifiable information about the person.

  • The confidentiality requirements under the ADA do not prohibit disclosure to state, local, or federal health departments.

Employers with a Self-Insured Health Plan

  • Notwithstanding the discussion above regarding employers, a self-insured employee health plan maintained by an employer is a Covered Entity under HIPAA (i.e. the plan itself, not the employer, although we acknowledge this distinction is difficult to make for most employers). As a result:

    • If the employer obtained the information through its status as a plan (i.e., as the payer for the employee’s health care services), then such information is PHI and subject to HIPAA (see first bullet above for Covered Entities).

    • If the employer receives the information in the ordinary course (e.g. voluntary disclosure by the affected employee), then the second bullet above regarding employer permitted disclosures is applicable.

©2024 von Briesen & Roper, s.c

Current Legal Analysis

More from von Briesen & Roper, s.c.

U.S. Supreme Court Holds That A Unilateral Job Transfer Maintaining the Same Pay and Benefits Could Be Discrimination Under Title VII
by: James R. Macy
Policy Exceptions – A Tale of Two Interpretations
by: Steven R. Beckham
Use of the ASTM E1527-21 Phase I Environmental Site Assessment Standard Practice is Now Required to Meet CERCLA Liability Protections
by: David P. Ruetz , Christina M. Lucchesi
DOL Issues SECURE 2.0 Guidance on PLESAs and Automatic Portability
by: Kelly J. Noyes
What Compliance Officers Need to Know From 2023’s Compliance Trends
by: Stacy C. Gerber Ward
What You Need To Know About The Corporate Transparency Act
by: Randy S. Nelson
Appellate Court of Illinois and Seventh Circuit Issue Conflicting Decisions Regarding Applicability of “Violation-of-Law Exclusion” in BIPA Actions
by: Edric S. Bautista , Mollie T. Kugler
Your Company’s Beneficial Ownership Information Report Required by the Corporate Transparency Act Is Due Soon
by: Randy S. Nelson
Legislature Amends Law Permitting Collective Bargaining Negotiations Involving Certain Aspects of Health Care Plan Design and Coverage
by: Kyle J. Gulya , Ryan P. Heiden
Surge in Class Actions Under the Illinois Genetic Information Privacy Act
by: Restructuring & Insolvency at von Briesen & Roper, s.c.

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins