Protecting Your Business and Employee’s Privacy Rights in the age of COVID-19

Protecting Your Business and Employee’s Privacy Rights in the age of COVID-19

By Christina M. Reger, Esq. and Tatiana Cook

During these unprecedented times of coronavirus many employers face growing pressures to protect their employees and their employee’s privacy rights. To accomplish both can be like walking through a minefield because if an employee contracts or comes in contact with someone with the coronavirus, how do employers protect the privacy of the employee and also protect the health and safety of their other workers?

In February, the Office for Civil Rights of the U.S. Department of Health and Human Services released a bulletin on the HIPAA Privacy Rule and coronavirus.  

Some critical things to keep in mind when balancing the privacy rights of an individual and keeping their workers safe. HIPAA itself only applies to covered entities. Covered entities are: health plans, health care clearinghouses, and health care providers and their business associates. The Privacy Rule does not apply to disclosures that are not covered entities.

So if your employee notifies you that they have tested positive for the virus you are not subject to HIPAA’s requirements. However, if you learn of your employee’s status through your health plan then HIPAA does apply to you and you are not able to disclose your employee’s status without their authorization.

If you are a covered entity, the HIPAA Privacy Rule allows for exceptions during emergencies such as a global pandemic. You may disclose your employee’s status without their authorization to:

–      A public health authority such as the Controlled Center for Disease; a state or local health department; an agency or authority of the United States government state, territory, that is responsible for public health matters;

–      At the direction of a public health authority to a foreign government agency that is acting in collaboration with the public health authority;

–      To persons at risk, which may include other employees, of contracting or spreading a disease or condition if state law requires notification to at-risks person.

If you are not a covered entity, HIPAA does not apply but your state confidentially laws, the Americans with Disabilities Act, and the Equal Employment Opportunity Commissions’ regulations on confidentiality do. Under all of these policies, employers may not disclose confidential medical information to other employees. Thus, employers are encouraged to only share general information about an exposure to coronavirus and encourage employees to quarantine or get tested depending upon their exposure and how they are feeling. 

For more information on HIPAA and privacy concerns, employers can visit the following websites, and contact the Law Offices of Christina Reger to assist navigating these challenges.

Quick links to helpful information:

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s