Privacy Issues in the Workplace

Under the EEOC’s final regulations regarding GINA, the inadvertent acquisitions of genetic information does not constitute a violation, such as in situations where a manager or supervisor inadvertently obtains employee genetic information through ordinary Internet searches or overhears a conversation. However, supervisors may not intentionally run a search or request information over a social networking site that is “likely to result in uncovering genetic information.” 137 Maintenance of Genetic Information: If the employer possesses genetic information about an employee, such information must be maintained on separate forms and in separate medical files and must be treated as a confidential medical record of the employee.

Disclosure of Genetic Information: Genetic information regarding an employee shall not be disclosed except:

(1) to the employee or employee’s family members, at the written request of the employee;

(2) specified occupational or health research;

(3) in response to a court order;

(4) in compliance with FMLA;

(5) to a health agency pursuant to contagious disease outbreak.

Relationship to HIPAA: This chapter does not prohibit a covered entity under HIPAA from any use or disclosure of health information that is authorized for the covered entity under such regulations. However, it is important to note that the March 26, 2013, modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules address the use of genetic information and prohibit health plans from using or disclosing genetic information for underwriting purposes, including plans to which GINA expressly does not apply. An exception to this prohibition exists for issuers of long term care polices. 138 12. C ALIFORNIA P ATIENT P RIVACY P ROTECTIONS Due to an increase of employee snooping into celebrity medical files at UCLA, California laws are consistently evolving in an attempt to protect patient privacy. New laws require health care providers to safeguard patient data and to report unauthorized access within five days to the state and the individual. The state can levy penalties up to $25,000 per patient for privacy breaches.

In 2008, the California Legislature passed Assembly Bill 211 and Senate Bill 541.

AB 211 added Section 130203 [renumbered in 2014 to Section 1280.18 per SB 857] to the Health and Safety Code and established the California Office of Health Information Integrity (CalOHII) to: (1) ensure the enforcement of state law mandating the confidentiality of medical information and; (2) impose administrative fines for the unauthorized access, use, or disclosure of medical information.

Privacy Issues in the Workplace ©2019 (s) Liebert Cassidy Whitmore 49