Lexology May 2, 2020
With employers planning for employees to return to work following COVID-19–related closures, there are sure to be questions about sharing employee medical information as it relates to COVID-19 (symptoms, test results, status) within the workplace and with public authorities. Now may be a good time to review what has changed about federal privacy rules in light of the COVID-19 pandemic—and what hasn’t.
Of course, much remains the same. The privacy, security, and breach notification rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) establish very specific requirements on the use and disclosure of protected health information (PHI) by a very narrow set of entities—primarily, health care providers and health plans, such as employer-sponsored health plans. It is...