Employer Rights Under COVID19
Here’s a scenario many of us are facing. You’re back in your office and return to business as usual with some modifications. Masks, plexiglass separators between you and your coworkers, and no loitering around the water cooler are some of the changes your employer has implemented. One day, your coworker, the one who sits next to you, is absent. You learn through another coworker they called in sick. What’s your first thought? For most of us, it’s do they have COVID19? You ask your manager, who’s response is – “I can’t discuss it. By the way, let me know if you have a fever, headache, cough, or shortness of breath”. And that’s all they say.
Believe it or not, that’s the protocol under HIPAA and ADA. Your employer cannot disclose the nature of an illness of a coworker, for that matter, they shouldn’t even disclose the coworker called in sick, but rather simply that they will not be in today. Additionally, the ADA encourages employers to contact trace as much as possible without divulging the cause of the inquiry. Awkward? Obvious? But, that’s the law, and employers should act accordingly.
Now let’s put a small tweak in the scenario from the employer’s perspective – your sick employee, who did test positive for COVID19, told you over the phone you are free to tell their coworkers of their condition. They’re concerned they may have spread the virus to others, and want to do the right thing. As an employer, do you go ahead and tell your employees? After all, you have permission and your employees would certainly like to know if they’ve been potentially exposed.
Our recommendation would be to get it in writing. Have the employee send you an email granting authorization to release that information to your workforce. Once received, it’s your decision if and with whom to discuss it with, but we would still recommend you be judicious. A loudspeaker announcement may not be appropriate, to say the least.
It’s a fine line employers are being asked to walk with this matter. While it’s recommended you contact trace and identify additional potential cases, you also cannot disclose the cause of the inquiry nor disclose an employee’s health status – HIPAA 101. Don’t drop your HIPAA guard simply because the circumstances are atypical.
Be safe. Along with COVID19 issues, cyberattacks, particularly ransomware attacks, are increasing in frequency across all sectors. Practice good personal and cyber-hygiene and you’ll be fine.
If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.
For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.
The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for weekly HIPAA Security Reminder to help stay compliant.