Dear UE Steward,
The recent issue on “Information Requests” stated that our employer must provide us with medical information, however it may be considered confidential. Here is a situation that just occurred with us.
George Scott injured his back at work. After going through therapy his doctor released him to return to work but with a weight lifting restriction. The doctor said this restriction could be removed after some time passed. Our employer refused to take George back to work, saying there wasn’t any light duty work that he could do. We filed a grievance on George’s behalf stating that many other people had come back to work on light duty. We provided the company with a list of names of employees who had light duty and we asked to see their medical records. We know we cam prove that other workers had the same lifting restrictions. The personal manager refused stating that under HIPAA he wasn’t allowed to release any medical information about employees.
What is HIPAA and is he right?
UE Chief Steward
Burnemup Tool Co.
What Is HIPAA?
HIPAA is the “Health Insurance Portability and Accountability Act of 1996.”
A major part of this law is protecting consumers from having their medical information made available to people they might not want to have it shared with. For example, advertising agencies or their employer. The law is directed at health care providers, health plans and health care clearing houses. Here is what one of the government facts sheets says:
In general your health information cannot be given to your employer, used for shared things like sales calls or advertising, or used or shared for many other purposes unless you give your permission by signing an authorization form. This authorization form must tell you who will get your information and what your information will be used for.
HIPAA also provides that patients can get copies of their medical records from their doctor, especially if they are switching to another doctor.
Does HIPAA Apply To Employers?
The basic answer is no. The law is aimed at health care providers (such as hospitals, doctors, or clinics), health plans, and health clearing houses. These are called “covered entities.” So in most cases that would involve UE stewards or employers, HIPAA really doesn’t apply.
If an employer is self-insured and therefore has access to employees’ medical records, then they may be considered a “covered entity.” However, most employers that are self-insured actually hire an insurance company to administer the health plan. In those cases it is likely that the employer does not see the actual information on individual employees.
The information that “covered entities” have about an individua’s health is called “protected health information.”
What About George Scott’s Case?
First, even though Burnemup Tool Co. provides health insurance, they are not a “covered entity,” so HIPAA really doesn’t apply.
Secondly, the information that the union was asking for about George Scott’s case is not covered under HIPAA. The National Labor Relations Board has ruled that although employers have to protect their employees’ confidentiality, the Union has a right to information that it needs to process or investigate grievances.
In this situation, the health information that the employer had gathered (what kind of medical restrictions employees were under when they returned to work), was clearly gathered and used in their role as an employer, not for medical reasons.
This is an important distinction. Information that employers gather and use for discipline, because they are required by OSHA, or to run internal health and safety programs is not covered by HIPAA. This information is not used for providing health care, it is used by an employer to run their business or service. Just because it is about employees’ health issues does not make it confidential.
When Does HIPAA Apply and Is Its Ban on Information Total?
Here’s a situation when HIPAA does apply. Consider this. UE Local 264 represents workers at a mental health facility. One day the union is faced with a problem. One of the members has been accused by a patient of abuse and is going to be fired. The union asks to see the patient’s medical and treatment records to see if the patient’s problems could cause him to make false accusations. They also ask to see reports of any other complaints the patient has made about other workers. The employer refuses both requests on the grounds that providing the Union with this information would violate the patients HIPAA rights.
The employer is clearly considered a “covered entity” under HIPAA, because they are a health care provider.
But that does not give them the total right to withhold information from the union. HIPAA rulings hold that even in situations with covered entities, accommodations can be reached to provide information. These accommodations are:
- The person affected can give their permission to give out their personal information.
- Information can be given out if the “identities” are removed, and therefore no one would know whose medical information was being discussed.
In the case above, the NLRB ruled the employer violated the NLRB because they refused to negotiate over accommodations that would provide the union with some or all of the information they needed to represent their members. The NLRB also said what they thought was proper.
In this case since there was only one patient involved there would be no way to block out the identity of the patient's medical records, so the union probably could not see the patient’s medical records, unless the patient agreed to let the union look at them.
However the records the employer kept about accusations made against other employees by this patient were part of the employees’ personnel folders, and therefore were being kept not as medical records but as disciplinary records. These records should have been made available to the union.
A final reminder is that UE stewards should keep medical information about individual employees confidential within the union committee.