The Health Insurance Portability and Accountability Act (HIPAA) and the Americans with Disabilities Act (ADA) often intersect in healthcare and workplace settings. It allows employers to accommodate their staff’s medical needs while maintaining their privacy.
HIPAA is a federal act enacted in 1996 that regulates safeguarding protected health information (PHI). It provides the minimum privacy and security requirements for covered entities (like healthcare providers, insurers, and clearinghouses) that handle PHI.
The HIPAA Privacy Rule specifically restricts the disclosure of medical records to anyone without the patient's consent, including employers, to prevent unauthorized access to their employees' PHI.
According to their website, the Americans with Disabilities Act (ADA) “is a federal civil rights law that prohibits discrimination against people with disabilities in everyday activities.”
Furthermore, “The ADA guarantees that people with disabilities have the same opportunities as everyone else to enjoy employment opportunities, purchase goods and services, and participate in state and local government programs.”
The ADA requires employers to make reasonable accommodations for employees with disabilities, such as modifying work schedules or providing assistive technologies. It also maintains the confidentiality of those employees’ medical information.
Workplace situations often present interactions between HIPAA and the ADA, especially when employers need medical information to determine reasonable accommodations for employees with disabilities.
When an employee requests an accommodation for a disability, medical information may be required by employers to understand the restrictions the employee has and to arrive at appropriate accommodations.
Tracie DeFreitas, Director of Training and Outreach at Job Accommodation Network (JAN) presents the following scenario, "An employee sends in a letter limiting him to lifting no more than 20 pounds. The health care provider's letter does not state the basis for the lifting limitation, nor does it provide an end date for the lifting limitation. Is this employee a person with a disability?"
In this context, employers will require more information, like the nature and duration of the employee's condition, to check whether the employee is eligible for an accommodation.
However, HIPAA restricts the disclosure of this medical information. Healthcare providers cannot share patient information without the employee’s consent, even if the information is needed for accommodation purposes.
Although HIPAA limits disclosures, it does not preclude employers from directly contacting health providers to clarify the accommodations. Like when an individual with a disability must take leave intermittent leave based on medical needs, the employer can ask the healthcare provider how long their leave of absence should be.
Even so, DeFreitas emphasizes that employers must confirm that the employee has given clear consent via a HIPAA compliant authorization form.
Another example would be when an employee has a seizure disorder and asks not to contact emergency services if they experience a seizure that lasts for a ‘short period of time’. As DeFreitas asks, "What should the employer do while he's having a seizure and after? What is meant by 'a short period of time'?"
Here, the employer must obtain the necessary medical information to assure the employee’s safety. Again, the healthcare provider can only disclose this information if the employee has signed a HIPAA compliant authorization form.
Employers must use a HIPAA compliant form, like Paubox, to obtain an employee's informed consent to contact their healthcare provider. These forms should include the following details:
No, covered entities can use a HIPAA compliant platform, like Paubox, which offers user-friendly interfaces and intuitive design elements that make it easy to navigate and complete the forms.
Yes, HIPAA compliant forms can be customized to meet the specific needs of healthcare organizations while protecting patient privacy.
Yes, HIPAA compliant forms can be adapted for different purposes, like gathering contact information or demographic data.