• print
  • decrease text sizeincrease text size
main content

Our Programs
Workplace Fairness Weekly

Workplace Fairness Weekly (5/9/22)

Topic of the Week  Protecting Your Medical Privacy At Work

As an employee, there are just some things that an employer does not need to know. However, while your medical information may seem irrelevant and, at times, is highly sensitive, your employer may have some legal access. For example, employers might require that you take medical tests or inquire about your medical history prior to or during employment. While these requirements are job and state specific, there are certain healthcare protections that do help to maintain the privacy of your medical records.Do I have a right to keep medical information private at work?

Your employer has a number of ways to obtain medical information about you, whether it's because you volunteer it when you call in sick or tell co-workers, or because you provide requested information on health insurance application or workers compensation claim forms. However, just because your employer has the information does not mean that it should be shared with everyone in the workplace, especially when you have not chosen to do so.

The basic legal principle that employers should follow is not to reveal medical information about you unless there is a legitimate business reason to do so. But because that standard is fairly vague, there are laws which more specifically protect the privacy of your medical records, such as the Americans with Disabilities Act, the law which makes it illegal to discriminate on the basis of an employee's disability. State laws may also provide additional protection.

When I was injured at work, I was required to go to the company's health clinic. Will the information I gave the doctor be disclosed to my employer?

An on-site health clinic at your place of employment may be another example of what the HIPAA Privacy Rule calls a "hybrid" entity. This depends on whether the health clinic transmits information electronically and engages in standard transactions under HIPAA's electronic data interchange rule (for example, if the clinic bills an employee's health plan). If so, the records maintained by the health clinic are subject to the same protections that apply to other covered entities. However, if the clinic does not transmit information electronically or bill your employer, it would be specifically excluded from HIPAA's protections.

Before you disclose any information to the company's health clinic that you would not want your employer to know, you should ask whether the clinic is subject to HIPAA or has a privacy policy that governs how your medical information is used.

I recently learned I am HIV-positive. Do I need to disclose this information to my employer?

Most job applicants or employees who live with HIV do not have to disclose their HIV status to their employers. The only exception is if you work at a job where HIV infection poses a direct threat to the health of others, like if you work as a surgeon or other health care worker performing invasive procedures. Not every health care worker has public contact. HIV-positive chiropractors, manicurists, food handlers, chefs, bank tellers, veterinarians, hairdressers, and barbers do not pose a direct threat.

Otherwise, it is your choice whether or not to disclosure your HIV status to your employer, for example, if you need an accommodation of your disability, or wish to take leave covered by the Family & Medical Leave Act. It is important to note that your insurance company may provide usage reports to your employer which contain how much care employees are using and for a small employer it may be possible to figure out whose claims are related to HIV/AIDS.

What can I do if my privacy rights have been violated by my employer?

How you can respond to an unauthorized disclosure of your medical information depends on what law or laws were violated by the disclosure: the ADA, HIPAA, or state protections. Some laws allow what is called a "private right of action," which means that you can sue in court, while others require that you file with an administrative agency. If you believe your privacy rights have been violated, you may want to consult with a local attorney to determine whether your employer has violated any laws, and if so, how you should proceed. In the event that a covered entity or a business associate committed a violation, you may file a complaint with the Office for Civil Rights (OCR) who will investigate the complaint. In order to file the complaint, you must file the complaint in writing, name the covered entity or business associate involved, describe the act you believe violated the privacy requirements and file within 180 days of when the act or omission occurred. OCR may extend the 180 day period of you can show good cause.

Thought of the Week

"Privacy is a commodity that many Americans hold near and dear to their hearts. However, this treasured right to privacy can at times be unclear, especially in the workplace. "

–Workplace Fairness

Weekly Comic by Jerry King

Weekly Comic by Jerry King

Blog of the Week

Top Five News Headlines

    List of the Week

    from CDC

    Poor mental health can negatively impact a workers:

    • Job performance and productivity
    • Communication
    • Daily physical ability and functions


    • Tracking image for JustAnswer widget
    • Find an Employment Lawyer

    • Support Workplace Fairness

    Follow us on:


    Find an Employment Attorney

    The Workplace Fairness Attorney Directory features lawyers from across the United States who primarily represent workers in employment cases. Please note that Workplace Fairness does not operate a lawyer referral service and does not provide legal advice, and that Workplace Fairness is not responsible for any advice that you receive from anyone, attorney or non-attorney, you may contact from this site.

    Tracking image for JustAnswer widget