Legal Brief Privacy and the Proper Receipt, Storage, and Use of Confidential Information in the Workplace

By Robert Cutbirth and Ryan Quadrel, Slovak Baron Empey Murphy & Pinkney LLP

Public employers are regularly challenged by “disability discrimination” and “retaliation” claims. Given recent changes in the law, and a changed emphasis by Plaintiff’s attorneys, greater attention must now be given to privacy right exposures, particularly when health-related information is involved. Even if no discrimination or retaliation occurred, privacy claims arising from the handling of disability accommodation, return to work, leave of absence and other situations can still lead to large compensatory damage and attorneys’ fees awards. Our session at the upcoming Annual Conference is therefore intended to help you avoid and minimize these risks, particularly in the post-COVID more challenging employment landscape.

Depending on the size of your agency, you may have multiple employees providing “human resource,” “risk management,” “return to work,” benefit, and other functions where the sharing of information regarding an employee’s or family member’s former, current, and potential future health and personal information may have direct relevance to job functions and legal compliance. Yet, even if you are acting in good faith, the failure to properly obtain, store, and share information, particularly with challenging employees, creates operational and litigation risks.

There are some key areas of risk exposure to be considered, including:

• Industrial Injuries, where overlapping human resource (leave of absence, disability accommodation) and workers’ compensation (claim benefits/return to work) functions can trigger duties to shield medical or personal information from being automatically shared without waivers/permissive emails. While those involved in the workers’ compensation claim may be entitled to a variety of historic and current health-related issues, disability accommodation processes are limited only to the disability for which “accommodation” is presently sought. A broader sharing of information among workgroups, or employee files, can then violate employees’ rights to privacy.

• While the new California Consumer Privacy Act does not directly apply to public agencies, Plaintiff’s attorneys (and employees) are now more aware of “privacy” issues based on older statutes (California Medical Privacy Act), causing greater friction in managing the already challenging “interactive process,” as well as the incorrect suggestions that HIPAA applies to these situations. By using specialized forms and identifying clearly in writing the consequences of a failure to cooperate in the required exchanges of information, we will provide guidance on how to gain employee cooperation or safer paths to separation for noncooperating employees.

• Early return to work is often desirable for all, with special care needed in the receipt and handling of medical clearances, restrictions, and “fitness for duty” evaluations. Care should be taken when reviewing these documents and the misinterpretation or mishandling of these documents by all concerned in return-to-work situations, can lead to liability, including key steps to be taken to avoid those risks while also ensuring a returning employee does not present “undue” risks and exposures.

• Methods of communication have also changed, with “Zoom,” emails, text messages and social media communications presenting new challenges. Not only are “personal spaces” and situations now exposed, particularly with remote workers, an unfortunate “casualness” has arisen in these “permanent” forms of communication, where a single text message referencing personal health or confidential information (not just health information) can be the difference in creating liability. Proper use of policies/handbooks, and other tools to reduce these risks and provide training tools and resources must be utilized, as well as boundaries created by “protected speech” considerations.

• There is also a Post-COVID reality - there has been a heightened level of emotional responses and (over) reactions by employees to safety and health protections, and the providing of their personal health information, with medical care providers (when they are available) often equally problematic in finding “solutions” to genuine concerns. As employees also more frequently are using sick leave and leaves of absence to avoid work and are also using health care providers to assert that a return to work would put an employee at risk, there are assertive strategies that can safely be used to minimize these workplace disruptions.

• Faced with ever changing legal standards, competing job duties, changed workplaces, and challenging employees and care providers, it is critical for district leaders safely collect, store, and share private and confidential employee information. The goal is not just to avoid liability risks, but to manage the workplace and its needs without undue disruption and tensions.

Join this session “Privacy and the Need to Share Information in the Workplace” with Rob Cutbirth and Ryan Quadrel, SBEMP, at the CSDA Annual Conference & Exhibitor Showcase!