Employers and Health Information in the Workplace
The Privacy Rule controls how a health plan or covered health care provider discloses protected health information to an employer, including your manager or supervisor.
The Privacy Rule does not protect your employment records, even if the information in those records is health-related. Generally, the Privacy Rule also does not apply to the actions of an employer, including the actions of a manager in your workplace.
If you work for a health plan or covered health care provider:
- The Privacy Rule does not apply to your employment records.
- The Rule does protect your medical or health plan records if you are a patient of the provider or a member of the health plan.
Requests from your employer
The Privacy Rule does not prevent your supervisor, human resources worker or others from asking you for a doctor’s note or other information about your health if your employer needs the information to administer sick leave, workers’ compensation, wellness programs, or health insurance.
- However, if your employer asks your health care provider directly for information about you, your provider cannot disclose the information in response without your authorization.
- Covered health care providers must have your authorization to disclose this information to your employer, unless other laws require them to disclose it.
Generally, the Privacy Rule applies to disclosures made by your health care provider, not to the questions of your employer.
For further information on this topic, please refer to 45 C.F.R. §§ 160.103 and 164.512(b)(1)(v), and OCR’s Frequently Asked Questions.
You may also contact the Department of Labor at (866) 4-USA-DOL, or the Equal Employment Opportunity Commission at (800) 669-4000, for information about non-Privacy Rule issues.