Privacy Issues in the Workplace

M EDICAL T ESTING AND M EDICAL I NFORMATION

S ECTION 3

A. A PPLICABLE L AWS In addition to the United States Constitution and the California Constitution discussed above in Section 1 of this workbook, many of the privacy issues regarding medical testing and medical information arise under provisions protecting employees from federal and state disability discrimination laws. While the focus of anti-disability discrimination laws is to prevent disability discrimination, they also protect individual privacy rights concerning applicant and employee medical information. Thus, they not only restrict the use of information about a disability, but also restrict the solicitation of such information. Due to the highly sensitive nature of employee medical information, the disability laws also require employers to strictly maintain the confidentiality of medical information. Additionally, Congress and the California legislature have also enacted statutes governing the handling and disclosure of medical information. This section provides an overview of these laws. 1. T HE C ONFIDENTIALITY OF M EDICAL I NFORMATION A CT (CMIA) The Confidentiality of Medical Information Act (CMIA), California Civil Code sections 56- 56.37, generally prohibits the acquisition, use and disclosure of medical information without prior written authorization from the person whom the information concerns. The CMIA also requires that medical records be kept confidential. With limited exceptions, the CMIA prohibits an employer from using or disclosing (or knowingly permitting its employees or agents to use or disclose) medical information relating to an employee unless the employee first signs a valid authorization. For purposes of the CMIA, medical information is defined as,

“any individually identifiable information, in electronic or physical form, in possession of or derived from a provider of health care, health care service plan, pharmaceutical company, or contractor regarding a patient’s medical history, mental or physical condition, or treatment. ‘Individually identifiable’ means that the medical information includes or contains any element of personal identifying information sufficient to allow identification of the individual, such as the person’s name, address, electronic mail address, telephone number or social security number, or any information that, alone or in combination with other publicly available information, reveals the individual’s identity.” 133

Privacy Issues in the Workplace ©2019 (s) Liebert Cassidy Whitmore 45