EEOC Warns Against Keeping Personal and Occupational Health Information in Single Electronic File

Maintaining an employee’s personal health information and occupational health information in a single electronic medical record could violate the requirements of Title I of the Americans with Disabilities Act (ADA) and Title II of the Genetic Information Nondiscrimination Act (GINA), according to an informal discussion letter recently released by the Equal Employment Opportunity Commission (EEOC). An employer’s right to access occupational health information from individuals providing health services unrelated to employment is strictly limited under both the ADA and GINA. Although neither the ADA nor GINA specifically addresses whether encryption, password authentication, or other security safeguards are necessary for electronic records maintained by employers, the EEOC stated that it does not interpret either statute’s confidentiality provisions to apply only to paper records. Therefore, maintaining personal health information and occupational health information in a single electronic medical record, particularly one that allows someone with access to the electronic medical record, presents a real possibility that the ADA and GINA, or both, will be violated.