Finally, new testing technologies are continually emerging that can add additional health information to employees’ files. For example, tests are now available that can test inexpensively for a variety of genetic traits, such as predisposition to Huntington’s disease, alcoholism, and many types of cancer.

All in all, employee health files contain a wealth of personal information, some revealing the most private aspects of an employee’s life -- e.g., chronic illnesses, sexually related diseases, emotional problems, family medical problems, bouts with cancer, and substance abuse problems.

2) Improvements in telecommunications technology make it possible for medical information to be easily accessed by insurance companies, fraud investigators, and others who may or may not have a legitimate need to know.

The health care industry is rapidly moving to maintenance of health information in electronic form. Such databases have the potential to improve the health care system -- through physicians’ greater ease of access to information needed for an accurate diagnosis, through research to determine most effective treatment strategies, and through more effectively designed public health and health education programs.

However, once medical records are placed in electronic databases, the information can be disseminated at breathtaking speed to any number of users. Internet communication systems open up yet new possibilities for improper access to medical records. As an example of the kind of abuses that could occur, it was recently reported that two drug store chains had shared prescription information with a marketing company, which then used the database to target mailings to individuals with particular health problems -- until a public outcry stopped the practice.

3) Finally, increasing scientific knowledge of how lifestyles and behaviors affect health can provide a basis for discrimination against employees and candidates. For example, some employers have refused to hire smokers or individuals who were overweight. It also is a temptation for employers to try to enforce changes in employees’ lifestyles and behavior.

Continuing scientific research has revealed numerous health problems related to common behaviors and lifestyles, including: smoking, obesity, diets high in fat, lack of exercise, and heavy drinking. For the employer faced with rising health care costs, these characteristics may be viewed as a threat to cost-reduction efforts. In an effort to keep future health care costs down, the employer may resort to:

1. seeking information from applicants about non-work-related behaviors,
2. avoiding hiring individuals who appear to be in these risk categories,
3. forcing employees to participate in risk-reduction programs such as smoking cessation classes, exercise sessions, etc. (Voluntary wellness programs, of course, can be a significant benefit for employees providing that information collected through such programs is not misused.)

How widespread is the problem of improper use f medical information in employment decisions? It is simply not possible to get precise data, since typically a job applicant or employee would never know that medical information was used against them. Nevertheless, recent survey data is suggestive. A 1993 Harris poll on confidentiality of workplace medical records found that 8% of those surveyed thought that their employer had collected information about their health or lifestyle off the job that should not be collected. 4% responded positively to the question, “Have you ever had medical or health information you provided to your employer disclosed to other people at work in ways you felt were not proper?.”

These statistics are supported by a separate 1993 Harris poll on general medical privacy. This survey found that 9% of respondents believed that their employer or a family member’s employer had at some time disclosed personal medical information in a way that was improper.

These polls suggest that roughly one in twelve employees has experienced improper management of health information by employers. And one in 25 -- equivalent to more than five million Americans in the work force -- believe that their employers inappropriately shared their personal health information with others at work. Since employees are more likely to be unaware of misuse of health information than to be aware of it, these statistics, significant though they are, are likely to underestimate the magnitude of the problem.

Such violations of privacy have resulted in widespread concern among employees about the confidentiality of medical information. Reflecting this uneasiness and mistrust, the Harris poll on workplace privacy found that 41% of respondents said they were very or somewhat concerned that their “job opportunities or job status might be affected” if their medical claims information were to be seen by their employers.

Maintenance of employee health information files is typically overseen by the company’s health professionals -- occupational physicians and nurses. Both occupational physicians and nurses are governed by their professional code of ethics regarding confidentiality of employee health information. These codes state that individual records should be confidential, to be “released only when required by law or overriding public health considerations; when needed by other health professionals for pertinent reasons; and when needed by designated individuals at the request of the employee...Employers are entitled to counsel and advice about an employee’s medical work fitness but not to diagnosis or specific details, except or in compliance with law and regulations.”

Because of this ethical commitment, occupational health professionals often find themselves in the front lines of the battle for rights to privacy of health information. Although no survey data are available as to the frequency with which health professionals are pressured to release confidential information, leaders in the field report having heard many stories of such occurrences. A few lawsuits have resulted in recent years from the clash between health professionals’ ethical commitments and human resource managers’ and supervisors’ interest in accessing employee health information.

Increasingly concerned about the issue, the Association of American Occupational Health Nurses and the American College of Occupational and Environmental Medicine, the leading professional associations for occupational and environmental health nurses and physicians, are seeking federal legislation to ensure the privacy of employees’ health information. They believe such legislation is essential if employees are to feel secure that information shared with their company’s health professionals will be treated respectfully and confidentially, and if health professionals are to be protected in performing their responsibilities in an ethical manner.

What are the impacts of improper use of medical information by employers? The impact on the individual can be devastating. To be fired, or not hired or promoted, is likely to be upsetting in any case -- but to undergo this experience because of a health condition over which one has no control, which one’s employer should not have even known about, can be traumatic.

Just as seriously, it creates a climate of mistrust that may keep individuals from even seeking medical attention they need, for fear that employers will find out about their condition. 7% of those contacted in the Harris poll had the experience of wanting to seek services for a physical condition or mental health problem but not doing so because they didn’t want to harm their “job prospects or other life opportunities.” In keeping individuals from needed treatment, the lack of strict confidentiality of employee medical information transcends the impact on individuals and becomes a threat to public health.

Concern over privacy of medical information in general has grown rapidly in the last few years, and it is essential that such legislation extend to workplace health information privacy as well. In some ways the risks for employees from misuse of medical information exceed the risks for health care consumers in general. Employees experience not only a threat to privacy, but a threat to their very livelihood from misused health information. The issue for employees goes beyond privacy concerns -- it becomes a question of job discrimination against individuals who have presently, have had in the past, or are likely to have in the future, sensitive or serious personal health problems.

2. Definition

2.1 “Protected health information” means any information which identifies an individual, whether oral or reported in any form or medium; is created or received by an employer; and relates to past, present or future;

a. Physical or mental health history of an individual or an individual’s family (including individual cells and their DNA and genetic component);

b. Physical or mental health condition, including information about legal lifestyles, behaviors or consumption patterns which may be relevant to an individual’s health condition;

c. Diagnoses or medical test information or other information relating to a health condition, diagnosis, or prognosis;

d. The provision of health care or health care treatment;

e. Prognosis or other information relating to potential future health conditions; or

f. Payment for the provision of health care.

3. Exceptions

3.1 Nothing in sections 1.1 or 1.2 shall be construed to make it illegal for an employer to collect, use, retain, or disclose protected health information in connection with:

a. A bona fide occupational requirement; or

b. A bona fide conflict of interest policy.

3.2 After an individual has been hired, nothing in sections 1.1 or 1.2 shall be construed to make it illegal for an employer to collect, use, retain, or disclose protected health information in connection with:

a. Occupational wellness or other employer-sponsored health programs participated in on a voluntary basis by the employee; or

b. The administration of a health, disability, life or other insurance program or payment for such a program provided that no employee shall be disadvantaged with respect to participation in any employer insurance or benefit program unless:

1. the difference in treatment accurately reflects a difference in the employer’s cost of providing the benefit, according to sound actuarial principles;

2. the difference in cost is the result of the individual employee’s voluntary behavior; and

3. the practice in question does not have a disparate impact on any group protected by federal or state civil rights laws.

4. Enforcement

4.1 Any individual who has been aggrieved by a violation of this Act shall have a private right of civil action in any court of competent jurisdiction or may file a complaint with the department of labor in the state of ________________.

5. Remedies

5.1 A prevailing plaintiff in a civil action under this section is entitled to:

a. Injunctive relief;

b. All wages and benefits lost;

c. Compensatory damages; and

d. Court costs plus reasonable attorney’s and expert witness fees.

5.2 Where the department of labor determines that a violation of this Act has occurred;

a. The affected employee or applicant is entitled to all wages and benefits lost because of the violation; and

b. The department of labor may impose a civil penalty.

6. Waiver

6.1 The rights and procedures provided by this Act may not be waived by contract or otherwise, unless such waiver is part of a written settlement agreed to and signed by the parties to a pending action or complaint under the Act.

ORGANIZATIONS SUPPORTING LEGISLATION TO PROTECT CONFIDENTIALITY OF EMPLOYEE HEALTH INFORMATION

American College of Occupational and Environmental Medicine
55 West Seegers Road
Arlington Heights, Illinois 60005
Contact: Pat O’ Connor, 202-223-6222

American Association of Occupational Health Nurses, Inc.
2920 Brandywine Rd., Suite 100
Atlanta, Georgia 30341-4146
Contact: Kae Rivers Livsey, 770-455-7757, ext. 104

Pacific Business Group on Health
221 Main Street, Suite 1500
San Francisco, CA 94105
Contact: David Hopkins, PhD, Director, Health Information, 415-281-8660

Workplace Injury Litigation Group, Inc. (national association of attorneys representing injured and diseased workers)
PO Box 300488
Denver, CO 80203
Contact: Gregory E. Williams, Executive Director, 303-830-0112, Email - wilg@wilg.org, Web - www.wilg.org.

Health Privacy Project
Institute for Health Care Research and Policy
2233 Wisconsin Avenue NW, Suite 525
Washington, DC 20007
Contact: Zoe Hudson, 202-687-0880