The ADA vs. HIPAA: Medical Information Confidentiality
As most people are aware, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by President Clinton to accomplish and protect employees in several ways including:
Limits the ability of a new employer plan to exclude coverage for preexisting conditions;
Provides additional opportunities to enroll in a group health plan if you lose other coverage or experience certain life events;
Prohibits discrimination against employees and their dependent family members based on any health factors they may have, including prior medical conditions, previous claims experience, and genetic information; and
Guarantees that certain individuals will have access to, and can renew, individual health insurance policies
Most people know of HIPAA for its privacy rule. However, what most people (and perhaps most attorneys) do not know is that the Americans with Disabilities Act (ADA) also possesses a privacy rulethat protects employee medical information. Specifically, the ADA states:
(3) Employment entrance examination
A covered entity may require a medical ex- amination after an offer of employment has been made to a job applicant and prior to the commencement of the employment duties of such applicant, and may condition an offer of employment on the results of such examina- tion, if—
(A) all entering employees are subjected to such an examination regardless of disability; (B) information obtained regarding the medical condition or history of the applicant is collected and maintained on separate forms and in separate medical files and is treated as a confidential medical record, ex- cept that—
(i) supervisors and managers may be in- formed regarding necessary restrictions on the work or duties of the employee and necessary accommodations;
(ii) first aid and safety personnel may be informed, when appropriate, if the disabil- ity might require emergency treatment; and
(iii) government officials investigating compliance with this chapter shall be pro- vided relevant information on request; and
(C) the results of such examination are used only in accordance with this sub- chapter.
A recent case highlights on sometimes HIPAA's privacy rule won't cover an employee like the ADA's rule does. In Blanco v. Bath Iron Works Co. and General Dynamics Corp., (U.S. Dist. Ct. of Maine), No. 2:10-cv-00429-JAW, the plaintiff was terminated for failing to disclose his Attention Deficit Hyperactivity Disorder (ADHD) when he responded to the company’s post-offer, pre-hire Medical Surveillance History Questionnaire. According to the lawsuit, the in-house physician with whom Blanco discussed his post-employment request for a reasonable accommodation accused Blanco of failing to disclose his ADHD on the medical questionnaire. Blanco further alleged that the in-house physician discussed Blanco’s allegedly false responses to the questionnaire with management in General Dynamics’ Labor Relations Department. Blanco claimed that General Dynamics terminated his employment as a result of the disclosure. The case did not allege a HIPAA violation, but, instead, alleged an ADA violation.
The Court, in denying the employer's motion to dismiss the ADA violation count, held that the ADA’s confidentiality requirement to apply not only to disclosures to third parties outside the company (except in the limited circumstances described above), but also toinner-corporate disclosures. More to the point, if the complaint’s allegations turned out to be true, the in-house physician would have violated the ADA because her disclosure of Blanco’s medical information was not necessary for managers in General Dynamics’ Labor Relations Department to accommodate Blanco or to address a work restriction, and the other two exceptions obviously did not apply. The General Dynamics decision is particularly remarkable because the court held that the ADA protects even false medical information provided by an applicant or employee to an employer.