Written testimony of Kae Livsey, AAOHN
24 February, 1997
American Association of Occupational Health Nurses, Inc.
Recommendations
to the National Committee on Vital Health Statistics,
Subcommittee on
Privacy and Confidentiality,
on the need for privacy protections for health
information obtained at the worksite.
The American Association of Occupational Health Nurses (AAOHN) is the professional association for over 13,000 occupational health nurses who provide on the job health care for the nation's workers. Occupational health nurses are the largest group of health care providers at the worksite, and many AAOHN members are the sole provider of health care at their worksite. As such, they assume responsibility for all aspects of health and safety for individual workers and the work environment. AAOHN is pleased to have the opportunity to submit comments to the National Committee on Vital Health Statistics, Subcommittee on Privacy and Confidentiality, on the need for privacy protections for health information obtained at the worksite.
Occupational Health Nurses Play a Vital Role In Our Health Care System
Many employers looking for ways to control health care costs have implemented on-site health care programs run by occupational health professionals, including occupational health nurses. These professionals perform many functions such as monitoring employee exposure to toxic substances, conducting wellness seminars, referring employees for counseling or other treatment, and managing early return to work programs for ill or injured employees.
In the course of their job, occupational health nurses collect much personal information about an employee's health and lifestyle. The vast majority of this information is unrelated to the employee's ability to perform his or her job. Yet, occupational health nurses are increasingly being asked to divulge this personal information. These requests often pose ethical, moral and legal dilemmas for the occupational health nurse.
Occupational health professionals have an ethical obligation to protect patient privacy. Because this ethical obligation always does not have the force of law, occupational health professionals are often torn between their duty to protect an employee's confidence and an employer's demands for personal health information. Most state medical records privacy laws do not protect communications between occupational health professionals and their clients, as the health professionals are acting as an agent of the employer. At the same time, these professionals can be subject to disciplinary action by their licensing boards if they breach their professional and ethical duty to respect patient privacy. On more than one occasion, an occupational health nurse has lost her job attempting to protect an employee's privacy. Currently, these professionals often have no legal recourse under state law.
Inappropriate Disclosures of Worksite Health Information Can Undermine Health and Safety Programs
Inappropriate use of personal health information obtained at the worksite destroys the employee's trust and, ultimately, can damage employers' efforts to protect the health and safety of their workforce. Employees who do not feel their health information will be held in confidence may choose not to report certain occupational illnesses and injuries or fail to disclose health information accurately and truthfully when they do seek care, for fear that any information disclosed may be used to discriminate against them. Fear of disclosure also may prevent employees from using employer-sponsored employee assistance programs or from participating in voluntary medical surveillance or wellness programs.
There is increasing evidence that some personal health information is being misused. For example, when an individual files a claim for work-related ailments, he or she must typically sign a release of all medical records, including worksite health records. Additionally, employers may use records obtained through worksite health programs or employee assistance programs when making hiring, promotion and disciplinary decisions.
Federal Protections for Health Information Are Needed
The current patchwork of state laws regulating medical records and patient privacy results in disparities and complexities for both individuals and multi-state employers. In most states, health information obtained at the worksite is not protected from inappropriate disclosures.
With the spread of information technology and telehealth, as well as efforts to streamline insurance claims processing, the opportunities for the misappropriation of health information will increase. Congress should ensure that protection of health records is consistent across state lines.
Protecting the Privacy of Health Records Benefits Employers and Employees
AAOHN advocates the right of employees to maintain the privacy of their personal health records. Although employees may not "own" their worksite health records, personal health information should be protected from unauthorized and inappropriate disclosure. In today's occupational health environment, it is common for individuals other than health care providers, such as managers and personnel directors, to have access to employee health information. Clearly, employers have some legitimate needs for information about their employees. Medical surveillance programs to protect workers from toxic substances and other hazard prevention programs require certain health information for implementation. These programs can be carried out while preserving an individual's right to privacy. Access to personal health information should be limited to health care providers within the company except in life-threatening situations, for workers' compensation claim processing, if required to comply with government regulations, or when the employee authorizes release, such as to an insurance company or personal health care provider. Strict confidentiality policies improve the success of worksite health programs by allowing employees to divulge highly personal information without fear of public knowledge or reprisal.
Current Legislative Proposals Should be Amended to Address the Privacy Issues Unique to the Worksite Health Setting
Three pieces of legislation were introduced in the 104th Congress that would have created relatively broad federal protections for the confidentiality of health information: Medical Records Confidentiality Act of 1995 (S. 1360) introduced by Senator Bob Bennett (R-UT); Fair Health Information Practices Act of 1995 (H.R. 435) introduced by Rep. Gary Condit (D-CA 18th); and, Medical Privacy in the Age of New Technologies Act of 1996 (H.R. 3482) introduced by Rep. Jim McDermott. While AAOHN supports the goals of these bills, none of them adequately addressed health information collected at the worksite. Language should be included in any federal confidentiality legislation to ensure the privacy of health data collected through qualified employee assistance programs or worksite health programs. Ideally, the legislation should prohibit employers from using health information gathered through such programs to hire, fire, or otherwise restrict any term or condition of employment or to grant or deny any claim or benefit under a workers' compensation law.
Generally, the bills introduced last session failed to include medical care that is employment related, such as preemployment physicals and return to work exams, within the definition of health care. Accordingly, the proposals afforded no protection to health information gathered during such encounters. Broadening the definition of protected health information does not completely solve the problem, however. The definition of "health information trustee" also must be revised, since including the "employer" as a health information trustee creates the potential for inappropriate intra-employer disclosures while excluding the employer from the list of trustees again brings worksite health data outside the scope of the proposal. To rectify this situation, language needs to be included in bills using the "trustee" approach requiring employers to designate health information trustees within their organizations, with acceptable designees limited to workplace health care providers, employee assistance personnel, and individuals responsible for payment for treatment or transmission of protected health information to insurers. Access and disclosure to other company officials should require the written authorization of the individual. Finally, a comprehensive federal privacy law should impose sanctions on individuals that coerce or attempt to coerce the improper disclosure of health information that otherwise would be protected under the law.
The AAOHN hopes the committee will consider these issues and recommend that Congress include provisions to protect health information obtained at the worksite from inappropriate disclosures in any legislation it enacts.