ADA Medical Privacy Laws and Your Right to Confidentiality

The Americans with Disabilities Act (ADA) protects your medical confidentiality in the workplace. (42 U.S.C. §12112 (2026).) If your current or former employer has any medical records or other information relating to your disability, strict rules dictate how those records must be kept and who can have access to them. Whether you’re requesting reasonable accommodations or taking medical leave, you should understand what rights you have to medical privacy at work.

ADA Confidentiality Requirements and Your Medical Information

Under ADA rules, your employer must treat all disability related information pertaining to employee medical exams and disability related inquiries as confidential. This can include information you disclose voluntarily, including information disclosed through your participation in an optional health or wellness program. (42 U.S.C. §12112(d) (2026).)

Furthermore, your employer must keep this protected medical information on separate forms and in separate files from your regular personnel records. The ADA doesn't specify the method the employer must use to do this, but it must effectively restrict access to the records to only those people who have a legal right to view them.

For example, if your employer uses file cabinets and paper records, they can likely satisfy ADA rules by keeping employee medical records in a separate, locked cabinet that’s accessible only to those who are entitled to see the records. Or employers using electronic records can encrypt medical records, requiring a special password to access them.

What Medical Records Are Covered by ADA Privacy Laws?

For the ADA to apply, the records in question must be related to a disability. Many employers err on the side of caution by treating any and all medical information as if it were confidential. There are several ways an employer might have obtained your medical records, including:

• results from a fitness-for-duty exam your employer asked you to take before returning to work after you were out on medical leave or workers' compensation
• a prospective employer asked you to take a medical exam as a condition of employment, or
• your employer has a voluntary workplace wellness program that includes taking health histories or exams.

The ADA’s confidentiality requirements apply to all disability-related medical information your employer obtained through employment-related examinations or inquiries, including entrance examinations conducted after an offer has been made but before you start working. (42 U.S.C. §12112(d)(3)(B) (2026).) Keep in mind that some volunteered health information might not be considered covered under the ADA if it was initiated by the employee of their own volition. (EEOC v. C.R. Eng., Inc., 644 F.3d 1028 (10th Cir. 2011).)

When Can Your Employer Request or Disclose Your Medical Information?

Rarely. While the ADA doesn’t make it illegal for anybody at work to access your medical records, the exceptions to the rules regarding medical confidentiality are very limited. For example, if you’re requesting reasonable accommodations, your supervisor might need information about your work restrictions. Or your company might need to let first responders know about your condition so they can make sure you get proper treatment in an emergency.

Under the ADA, employers are allowed to disclose disability-related medical information to the following people:

• supervisors and managers, if they need information about restrictions on your job duties or ability to work or information on reasonable accommodations (42 U.S.C. §12112(d)(3)(B)(i))
• first-aid and safety personnel, if your disability might require emergency treatment (42 U.S.C. §12112(d)(3)(B)(ii)), and
• government officials who are looking into your employer's compliance with the ADA (42 U.S.C. §12112(d)(3)(B)(iii)).

The Equal Employment Opportunity Commission (EEOC)—the branch of the government that enforces the ADA—has also recognized a confidentiality exception for information provided to state workers' comp offices or insurance carriers. (“Employers may give information to state workers’ compensation offices, state second injury funds, and workers’ compensation insurance carriers in accordance with state workers’ compensation laws; and employers may use the information for insurance purposes.”)

Note that government officials who aren’t looking into your employer’s compliance with the ADA aren’t exempt from the ADA’s privacy protections. So if you’re filing for Social Security disability benefits, for example, the agency can’t ask your employer for information about your medical history. Instead, you’ll need to agree to the release of your medical records using SSA Form 827, Authorization to Disclose Information to the Social Security Administration (SSA). When you sign this form, you’re giving your employer permission to share any records related to your disability claim with Social Security.

What If Your Employer Breached ADA Confidentiality?

If your employer reveals your medical records or disability history without your consent—and none of the statutory exceptions above apply—your employer might have violated ADA privacy laws. And you can sue an employer for improperly disclosing your medical information.

Your first stop in considering your legal options should be a lawyer's office. An experienced disability discrimination attorney can analyze the facts and explain whether you have a strong case and whether it's worth pursuing, given what you might be awarded by a court if you win.

A lawyer can also help you negotiate an out-of-court settlement with your employer. But don’t delay. You might have only 180 days to file a discrimination charge with a government fair employment practices agency (this filing is required before you can sue over ADA violations). So, if you’re considering taking legal action against an employer who’s broken ADA confidentiality requirements, it's best to talk to a lawyer as soon as possible.