The Privacy Rule controls how a health plan or a covered health care provider shares your protected health information with an employer.
The Privacy Rule does not protect your employment records, even if the information in those records is health-related. In most cases, the Privacy Rule does not apply to the actions of an employer.
If you work for a health plan or a covered health care provider:
- The Privacy Rule does not apply to your employment records.
- The Rule does protect your medical or health plan records if you are a patient of the provider or a member of the health plan.
Requests from your employer
Your employer can ask you for a doctor’s note or other health information if they need the information for sick leave, workers’ compensation, wellness programs, or health insurance.
However, if your employer asks your health care provider directly for information about you, your provider cannot give your employer the information without your authorization unless other laws require them to do so.
Generally, the Privacy Rule applies to the disclosures made by your health care provider, not the questions your employer may ask.
See 45 C.F.R. §§ 160.103 and 164.512(b)(1)(v), and OCR's Frequently Asked Questions.
For employer issues, contact:
- Department of Labor: (866) 4-USA-DOL
- Equal Employment Opportunity Commission: (800) 669-4000