ADA and GINA require separation of employee medical records

Maintaining personal and occupational health information in one place, including an electronic medical record, may violate the federal Americans with Disabilities Act (ADA) or the federal Genetic Information Nondiscrimination Act (GINA) according to a recent letter from the U.S. Equal Employment Opportunity Commission (EEOC). The question posed to the EEOC was whether maintaining information related to an employee’s personal health information (e.g. information related to the diagnosis or treatment of a condition, such as may be found with medical certifications for a leave of absence) in the same location as occupational health information (e.g. medical information concerning an employee’s ability to work or a reasonable accommodation request) would violate the ADA and/or GINA. Both the ADA and GINA require confidential health information to be kept separate from other employee records, so that only individuals who have a business-related reason for knowing the information have access to it. Keeping all medical records in one location could cause a problem if someone has access to the medical file who doesn’t have a business-related reason for accessing other information contained in that file.

For example, your risk management officer may need to see workers’ compensation information for purposes of creating a light duty position for an employee, but has no reason to see Family and Medical Leave Act (FMLA) medical certifications unrelated to the workers’ comp claim. By keeping all medical records in one location, including an electronic file, and then granting unfettered access to someone who is only authorized to see some of the information, you may be violating ADA or GINA. Similarly, you shouldn’t be sharing information with anyone unless the employee has specifically consented to that disclosure or the disclosure is permitted by law.