Enacted in 1993, the Family Medical Leave Act protects the jobs of certain employees who have to take unpaid leave to care for a newborn or adopted child or for a seriously ill family member. FMLA also protects the jobs of employees who themselves are seriously ill or injured, and must take a leave of absence to recover. The medical nature of most FMLA requests triggers privacy and confidentiality issues that employers need to keep in mind.
Some medical information cannot be kept completely confidential. In order for an FMLA leave to be approved, for instance, the employer must review a doctor's recommendation based on a serious health condition. The Department of Labor recommends using a standard form for physician recommendations for FMLA. The form allows the physician to provide details of the condition, including the length of leave required. The form is available online from the Department of Labor's website.
Access to medical records is governed by the Health Information and Accountability Act. The act stringently regulates who has access to medical information from which the individual's identity can be determined. HIPAA is balanced in order to provide information to healthcare workers to permit them to do their jobs, and in other circumstances, such as FMLA requests. However, the act requires that access to medical records be severely limited. As an employer subject to FMLA, you must limit access to these medical records only to designated employees who absolutely must have access for bona fide business reasons.
As an employer, you must protect employee medical information from those who are not designated to access it. All medical records should be stored separately from personnel files. Medical files related to FMLA requests should be kept in locked file cabinets to which only designated employees have access. When faxing and photo-copying employee medical information, protocols should be established and strictly observed to ensure employee privacy. For example, if a medical data form is accidentally left in a photocopy machine and then seen by unauthorized people, it's your company that's liable for the breach of privacy, not the errant employee.
Often in FMLA situations, employers need access to certain of their employees' medical records. HIPAA provides for employees to give written authorization to employers to access only those records pertinent to the condition for which FMLA leave is requested, without giving blanket authorization to access all medical records. Employers may request a second opinion based on a physician's recommendation for FMLA and can also contact the physician directly and discuss the condition. Such discussions must also be authorized by the employee. Employees seeking FMLA must provide adequate documentation and therefore most likely will grant these authorizations.