In recent weeks, the White House released guidelines for reopening the nation’s economy, largely punting to state and local officials to assess whether they are sufficiently prepared to stay ahead of the COVID-19 spread and when to reopen non-essential businesses. In anticipation of bringing employees back to the workplace, the administration has also instructed employers to “develop and implement appropriate policies” to keep workers and patrons safe from contagion. That may be easier said than done.
A majority of states have unveiled return-to-work plans, with some jurisdictions adopting a more incremental approach and others seeming to reopen with free abandon. As states begin to allow certain businesses to reopen, several questions have emerged about the monitoring of coronavirus-related illness and other issues, and the extent to which the equal employment opportunity laws, particularly the Americans with Disabilities Act (ADA), are implicated.
The only way for employees to protect their privacy in the “new normal” workplace is to understand the regulatory requirements imposed on their employers, and the information employers may – and may not – request.
The ADA Generally and in a Pandemic
The ADA protects job applicants and employees from disability discrimination and requires covered employers to provide reasonable accommodations for an employee’s disability. Not surprisingly, the ADA has direct implications in the COVID-19 crisis.
The U.S. Equal Employment Opportunity Commission (EEOC) has identified three key issues. First, the ADA regulates the disability-related inquiries and medical examinations employers may request from all applicants and employees, including those who do not have ADA-protected disabilities. Second, the ADA prohibits covered employers from excluding individuals with disabilities from the workplace for health or safety reasons unless they pose a “direct threat” – a significant risk of substantial harm even with reasonable accommodation. Third, the ADA requires reasonable accommodations for individuals with disabilities (unless it causes undue hardship) during a pandemic.
ADA, Worker Safety, and Safeguarding Employee Medical Information
In the early days of the COVID-19 pandemic, when most employees were still reporting to work, most workplaces observed “privacy guidelines” mandated by the ADA, the Family Medical Leave Act (FMLA), and the Occupational Safety and Health Act (OSHA). In balancing an employee’s right to maintain privacy over her medical information and the workforce’s collective right to perform their jobs in a hazard-free environment, the main conflict at play was the interaction between OSHA requirements and ADA employee protections.
After reopening, however, employers have new concerns to balance. One the one hand, OSHA requires employers to provide a workplace free from “serious recognized hazards.” On the other, the ADA imposes strict confidentiality obligations for protecting disabled employees’ medical information. Specifically, under the ADA, employers must maintain all information regarding an applicant’s or employee’s medical condition or history on separate forms, keep that information in a separate medical file, and treat the information as confidential medical records. The limited exceptions to the ADA’s lock-and-key requirements are for sharing information with supervisors or managers who need to be informed of an employee’s restrictions, first aid and safety personnel who might have to address the medical issue, and government officials investigating ADA compliance.
Employment Documentation Requirements
Like the ADA, the FMLA and the Families First Coronavirus Response Act (FFCRA) require employers to maintain medical information in a separate, confidential file about employees who request leave. According to a U.S. Department of Labor advisory on the topic, for any employee taking paid sick leave or expanded family and medical leave, an employer must keep records that include:
- The name of the employee requesting leave;
- The date(s) for which leave is requested;
- The reason for leave;
- A statement from the employee that they are unable to work for the reason given;
- The government entity issuing an order subjecting the employee to a quarantine or isolation order or to care for an individual subject to such an order; and
- The name of the health care provider who recommended self-quarantining to the employee or an individual who the employee must care for.
Leave protections also extend to employees with coronavirus-related childcare issues. When an employee requests leave to care for his child whose school or daycare is closed or for whom no childcare provider is available, the employer must document:
- The name of the child.
- The name of the school, place of care, or childcare provider that has closed or become unavailable; and
- A statement from the employee that no other suitable person is available to care for the child.
So what does this mean for a COVID-19-positive employee who has come to work and physically interacts with other employees? Employers must balance the need to keep that employee’s medical information confidential while providing management with sufficient information to keep the workplace safe. This can be a very tricky situation for employers to navigate, and there is no one-size-fits all-solution: employers will have to carefully consider their various obligations and the particular circumstances of each case. Notably, who the employer should share the information with is an open question; at the very least, this information should only be communicated on a need-to-know basis.
For employees, knowing what information they must provide employers and how it can be used and shared in the workplace is essential for protecting privacy rights and taking action for any employer violations.
