Enacted in 1993, the Family Medical Leave Act protects the jobs of certain employees who have to take unpaid leave to care for a newborn or adopted child or for a seriously ill family member. FMLA also protects the jobs of employees who themselves are seriously ill or injured, and must take a leave of absence to recover. The medical nature of most FMLA requests triggers privacy and confidentiality issues that employers need to keep in mind.
Communication of Medical Information
Some medical information cannot be kept completely confidential. In order for an FMLA leave to be approved, for instance, the employer must review a doctor's recommendation based on a serious health condition. The Department of Labor recommends using a standard form for physician recommendations for FMLA. The form allows the physician to provide details of the condition, including the length of leave required. The form is available online from the Department of Labor's website.
Access to Medical Information
Access to medical records is governed by the Health Information and Accountability Act. The act stringently regulates who has access to medical information from which the individual's identity can be determined. HIPAA is balanced in order to provide information to healthcare workers to permit them to do their jobs, and in other circumstances, such as FMLA requests. However, the act requires that access to medical records be severely limited. As an employer subject to FMLA, you must limit access to these medical records only to designated employees who absolutely must have access for bona fide business reasons.
Storage of Medical Information
As an employer, you must protect employee medical information from those who are not designated to access it. All medical records should be stored separately from personnel files. Medical files related to FMLA requests should be kept in locked file cabinets to which only designated employees have access. When faxing and photo-copying employee medical information, protocols should be established and strictly observed to ensure employee privacy. For example, if a medical data form is accidentally left in a photocopy machine and then seen by unauthorized people, it's your company that's liable for the breach of privacy, not the errant employee.
Often in FMLA situations, employers need access to certain of their employees' medical records. HIPAA provides for employees to give written authorization to employers to access only those records pertinent to the condition for which FMLA leave is requested, without giving blanket authorization to access all medical records. Employers may request a second opinion based on a physician's recommendation for FMLA and can also contact the physician directly and discuss the condition. Such discussions must also be authorized by the employee. Employees seeking FMLA must provide adequate documentation and therefore most likely will grant these authorizations.
- Privacy Rights: Medical Records Privacy
- Department of Labor: Physician Certification Form for Serious Health Conditions (PDF)
- Health and Human Services: HIPAA
- U.S. Department of Labor. "The Family and Medical Leave Act of 1993." Accessed Sept. 4, 2020.
- U.S. Department of Labor. "The Family and Medical Leave Act of 1993, Sec. 104." Accessed Sept. 4, 2020.
- U.S. Department of Labor. "Fact Sheet #28: The Family and Medical Leave Act." Accessed Sept. 4, 2020.
- U.S. Department of Labor. "The Family and Medical Leave Act of 1993, Sec. 2." Accessed Sept. 4, 2020.
- U.S. Department of Labor. "Temporary Rule: Paid Leave Under the Families First Coronavirus Response Act." Accessed Sept. 4 2020.
As an educator, television producer and public relations/human resources professional, Mary Tucker-McLaughlin's work has been broadcast on radio and television with affiliates in the Midwest and the South since 1992. Her work has also been published in the "St. Louis Suburban Journals." Tucker-McLaughlin is an assistant professor in eastern North Carolina with a Ph.D. in mass communications from the University of South Carolina.