Every request for a sick leave, every legitimate medical exam for a physically demanding job, any lawful drug test, and so on and so forth, has the potential to create a medical record. How are employers to treat those records? What are legitimate uses?What precautions should be taken? And how do you find out?
These are the kind of questions that may not arise until it’s too late and the employer is facing litigation or governmental investigation over its practices. So they are the kind of issues that careful employers will want to address before they come to a head. And those employers won’t find the answer in HIIPA, the law most commonly associated with medical records privacy. HIIPA only applies to medical service providers. Nor are employers likely to find an answer in state law – not in Florida anyway.
A private employee’s medical privacy rights are governed by the ADA. Indeed, the Americans with Disabilities Act has a number of provisions that apply to all employees, not only disabled ones. And that, in turn, makes the EEOC the unlikely ruler of medical privacy in private industry. Knowing where to look is one way a good business attorney will provide surprising help to his clients.
(For amateurs of governmental quirkiness, having the EEOC in charge of medical privacy is not the oddest pairing in law. Whistle-blower complaints under Sarbanes-Oxley, the Enron-era disclosure law, are filed with OSHA, the workplace-safety agency.)