Privacy Patrol: Guidelines for Complying with the New Genetic Information Nondiscrimination Act

As of Nov. 21, employers are required to comply with yet another law that restricts disclosure of employee health information. The new law will join others already on the books that require HR leaders to exercise discretion and vigilance when it comes to dispersing and safeguarding such information. However, a few misconceptions about medical-privacy laws and the workplace need to be clarified.

Specifically, the Genetic Information Nondiscrimination Act of 2008 will join the Americans with Disabilities Act and the Family and Medical Leave Act, as well as state laws that restrict disclosure of employee health information. It will not, however, be joining the Health Insurance Portability and Accountability Act.

Given all these laws protecting employees' medical and genetic information, an employer should:

• Separate health information from other personal information and restrict access to the information,
• Carefully consider how much information to disclose before you do so. For example, supervisors may need to know an employee has restrictions but they most likely do not need to know the exact condition or diagnosis, and
• When communicating about an employee's condition via e-mail, only copy those individuals who meet the "need to know" test.

Remember that even if the information does not meet the definition of medical information protected under the ADA, FMLA or GINA, state privacy laws may limit disclosure.

This article appeared in the October 16, 2009 issue of Human Resource Executive Online.