The American With Disabilities Act (ADA) limits an employer's ability to make disability-related inquiries or require medical exams at three stages: pre- job offer, post- job offer, and during employment. A "disability-related inquiry" is a question (or series of questions) that is likely to elicit information about the applicant’s or employee’s disability. A "medical examination" is a procedure or test that seeks information about an individual's physical or mental impairments or health.
Prior to an offer of employment, the ADA prohibits all disability-related inquiries and medical examinations, even if they are related to the job. An employer cannot ask applicants medical questions or require medical exams at this stage.
After an applicant is given a conditional job offer, but before he or she starts work, an employer may make disability-related inquiries and conduct medical examinations, regardless of whether they are related to the job, as long as the employer does so for all employees entering in the same job category.
After employment begins, an employer may make disability-related inquiries and require medical examinations only if they are job-related and consistent with business necessity.
A disability-related inquiry or medical examination of an employee may be "job-related and consistent with business necessity" when an employer "has a reasonable belief, based on objective evidence, that: (1) an employee's ability to perform essential job functions will be impaired by a medical condition; or (2) an employee will pose a direct threat due to a medical condition." "Direct threat" means a significant risk of substantial harm that cannot be eliminated or reduced by reasonable accommodation. The employer may not make assumptions about an individual’s condition or that the individual poses a “direct threat”, but must conduct an individualized assessment.
Finally, an employer can also seek medication information or examination in connection with an employee’s request for reasonable accommodation if the employee’s disability or need for accommodation is not known or obvious. However, such requests should be limited – an employer can require only that the employee provide documentation sufficient to establish that s/he has an ADA-covered disability and needs the accommodation requested. An employer cannot ask for documentation unrelated to the disability or need for accommodation.
If you believe that a prospective employer or your current employer has made improper disability related inquires and/or required an improper medical examination, contact us to talk with our experienced attorneys.
Under the Freedom of Information Act, 5 U.S.C. § 552, any person has a right to obtain access to federal agency records unless those records are exempted from public disclosure or excluded from the Act’s coverage. Under FOIA, there are nine (9) exemptions to disclosure and three (3) exclusions to protect law enforcement and national security records. If no exemption applies, the federal agency must undertake a search that is reasonably calculated to uncover relevant documents based on the requester’s description of the records sought. Federal agencies are not obligated to answer questions or to create records that do not exist.
Under 5 U.S.C. § 552(b), individuals are not entitled to records under FOIA if the records at issue fall into one of the following nine exemptions:
- National defense or foreign policy information or documents specifically and properly classified pursuant to an executive order.
- Related solely to the internal personnel rules and practices of an agency.
- Specifically exempted from disclosure by statute.
- Trade secrets and commercial or financial information obtained from a person that are privileged or confidential.
- Inter-agency or intra-agency memorandums or letters that would not be available by law to a party other than the government in civil litigation with the government (e.g. privileged).
- Personnel and medical files and similar files the disclosure of which would constitute a clearly unwarranted invasion of personal privacy.
- Records or information compiled for law enforcement purposes, but only to the extent that the production of such law enforcement records or information:
- Could reasonably be expected to interfere with enforcement proceedings.
- Would deprive a person of a right to a fair trial or an impartial adjudication.
- Could reasonably be expected to constitute an unwarranted invasion of personal privacy.
- Could reasonably be expected to disclose the identity of a confidential source, including a state, local, or foreign agency or authority or any private institution that furnished information on a confidential basis, and, in the case of a record or information compiled by criminal law enforcement authority in the course of a criminal investigation or by an agency conducting a lawful national security intelligence investigation, information furnished by a confidential source.
- Would disclose techniques and procedures for law enforcement investigations or prosecutions, or would disclose guidelines for law enforcement investigations or prosecutions if such disclosure could reasonably be expected to risk circumvention of the law.
- Could reasonably be expected to endanger the life or physical safety of any individual.
- Contained in or related to examination, operating, or condition reports prepared by, on behalf of, or for the use of an agency responsible for the regulation or supervision of financial institutions.
- Geological and geophysical information and data, including maps, concerning wells.
Each federal agency has its own process and procedures for responding to FOIA requests. However, if an agency denies a FOIA request, the requestor can appeal through an internal appellate process. If an individual has appealed a FOIA determination and is still dissatisfied with the agency’s response, they can seek judicial review in federal court.
Under the Privacy Act, 5 U.S.C. § 552a, unless permitted under an exception, federal agencies are prohibited from disclosing records contained in a system of records pertaining to any person. Further, individuals may request their own records or request the federal agency amend their records under the Act.
Under the Privacy Act, apart from an individual’s request for or consent to release records, federal agencies can only disclose an individual’s personal records in the following situations:
- to those officers and employees of the agency who need those records to perform their duties,
- as required under the Freedom of Information Act,
- for “routine use,” meaning using the record for a purpose compatible with the purpose for which it was collected,
- to the Bureau of the Census for purposes of census, survey, or similar,
- to the National Archives and Records Administration,
- to a consumer reporting agency in accordance with 31 USC § 3711,
- to a recipient for use in statistical research or reporting, provided that the records are not individually identifiable,
- pursuant to court order or to another federal agency for a civil or criminal law enforcement activity,
- to either House of Congress or committee or subcommittee with jurisdiction,
- to a person who shows compelling circumstances affecting the health or safety of an individual,
- to the Comptroller General or his/her authorized representative in the course of performing duties of the Government Accountability Office
With some exceptions, federal agencies must keep an accurate accounting of disclosures of records, including the date, nature, and purpose of the disclosure, and the name and address of the person or agency receiving the records. The federal agency must maintain this accounting for at least five years or for the life of the record, whichever is longer.
Individuals may bring a claim in federal district court for violations of the Privacy Act. Individuals may bring a claim where a federal agency:
- Fails to produce a copy of those records upon request by the subject individual,
- Refuses to amend a record as requested or fails to review a request for compliance with the Privacy Act’s requirements,
- Fails to maintain any record concerning an individual with such accuracy, relevance, timeliness, and completeness to ensure fairness in any determination related to an individual’s qualifications, character, rights, opportunities, or benefits that may be made based on those records and the agency has consequently made a determination that has an adverse effect on an individual,
- Fails to comply with any other provision of the Privacy Act or its regulations in such a way as to have an adverse effect on an individual.
As a general rule, an employer may not disclose or share your medical records or medical information. When an employer obtains medical information from applicants and employees, the employer must store the information on separate forms and in separate files and treat it as “confidential” information.
Under limited circumstances, however, the employer may share an employee’s or applicant’s medical information, such as with managers and supervisors to advise them of work restrictions and reasonable accommodations. Additionally, employers may share medical information if an employee needs emergency treatment or assistance. Employers also have obligations to cooperate with official investigations relating to the employer’s compliance with the law and when needed to support an employee’s claims for workers’ compensation or insurance.
These protections for employees’ medical information derive from the Americans with Disabilities Act and the Rehabilitation Act of 1973 (which applies to the federal government and government contractors). Additional protections are also found under the Privacy Act, which restricts the federal government’s sharing of personal information, to include health information.
Medical providers are also limited in what medical information they can disclose. The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) protects the privacy of all individually identifiable health information held or transmitted by a covered entity or its business associate.
Individually identifiable health information, also referred to as “protected health information”, is what it sounds like: health information that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. Health information is any information relating to:
- the individual’s past, present, or future physical or mental health or condition;
- the provision of health care to the individual; or
- the past, present, or future payment for the provision of health care to the individual.
Health information covered under these three categories is protected under HIPPA only if an individual can be identified from the information. If the information has been redacted to remove all personal identifiers, to include names, addresses, social security numbers, identifying photos, etc., the information ceases to be protected under HIPPA.
Covered entities subject to HIPPA include:
- Health plans
- Health care clearinghouses
- Health care providers who transmit health information in electronic form
HIPAA generally prohibits a covered entity from disclosing an individual’s individually identifiable health information to others without the individual’s consent or authorization. The circumstances in which a covered entity is permitted to disclose an individual’s individually identifiable health information are tightly regulated and include activities such as exchanges of protected health information between covered entities for the purposes of treating the patient in question.
In the context of your employment, your health providers generally cannot provide your employer with your protected health information without your consent or authorization. Your employer may ask you for medical information such as a doctor’s note if related to sick leave, health insurance, wellness programs, or other such items that require you to disclose health information. However, if your employer asks your health provider directly for your protected health information, your health providers generally may not disclose that information without your consent or authorization.