Employers tend to gather a lot of paperwork on employees, from employment applications and resumes to benefits forms, performance evaluations, disciplinary documentation, contact information, and even medical records. The law requires employers to keep some information confidential, but not all of it. This article explains which records must be kept private -- and what to do if the confidentiality of your records has been violated.
The biggest category of records that must be kept confidential is medical information. The Americans with Disabilities Act (ADA), the Genetic Information Nondiscrimination Act (GINA), and the Health Insurance Portability and Accountability Act (HIPAA) all have very strict rules about how employers must keep certain types of medical information. The general intent of these rules is to protect employee privacy and prevent managers from making discriminatory workplace decisions based on an employee's disability or genetic information.
Under the ADA, for example, medical records and information must be kept in a file that's separate from the employee's regular personnel file, and must be kept confidential (for example, in a separate locked file cabinet or online behind a secure firewall). These records may be seen only:
If an employer (or more typically, the HR department) doesn't follow these rules, and the confidentiality of an employee's medical records is compromised, the employee can sue for violation of the ADA.
Very few rules specifically require employers to keep other types of personnel records confidential. However, smart employers observe some common sense protocols to maintain the privacy of records that could lead to legal problems if they fall into the wrong hands. Here are some examples:
If your private information has been leaked in the workplace, your legal options depend on the type of records, the circumstances of the breach, and the consequences to you. In many cases, even if you are embarrassed by the breach, you might not have any legal recourse unless someone at work used the information in an illegal way (for example, as a basis to discriminate against you). An experienced employment lawyer can help you figure out whether your legal rights have been violated, and what you can do about it.
Need a lawyer? Start here.