The Americans with Disabilities Act (ADA) protects your medical information in the workplace. If your current or former employer has any medical records or other information relating to your disability, strict rules dictate how those records must be kept and who can have access to them.
There are several ways an employer might have obtained your medical information, including any of the following:
Read on to learn about the rules employers must follow regarding your medical records—and whether Social Security can require your employer to hand over your personnel records without your consent.
The ADA's confidentiality requirements apply to all disability-related medical information your employer obtained through employment-related examinations or inquiries. This includes:
But the ADA doesn't apply to all health records. For ADA to apply, the records in question must be related to a disability (including Social Security disability claims).
Many employers err on the side of caution by treating any and all medical information as if it were confidential.
Under ADA rules, your employer must treat all disability-related information pertaining to employee medical exams and disability-related inquiries as confidential. This includes any information you disclose voluntarily, including information disclosed through your participation in a voluntary health or wellness program.
And your employer must keep this protected medical information on separate forms and in separate files from your regular personnel records. The ADA doesn't specify the method the employer must use to do this, but it must effectively restrict access to the records to only those people who have a legal right to view them (see below).
For example, if your employer uses file cabinets and paper records, they can satisfy ADA rules by keeping employee medical records in a separate, locked cabinet that's accessible only to those who are entitled to see the records. And employers using electronic records can encrypt medical records, requiring a special password to access them.
Under the ADA, it's not illegal for certain people to access your medical records. After all, if you need a reasonable accommodation to do your job, your supervisor might need information about your work restrictions. Or, your company's onsite first aid or medical team might need to know about your condition so they can make sure you're properly cared for in an emergency.
The ADA allows employers to disclose disability-related medical information to the following people:
The Equal Employment Opportunity Commission (EEOC) has also recognized an exception for information provided to state workers' compensation offices or insurance carriers.
The exceptions to the ADA rules regarding confidentiality of medical information are very limited. Employers can rarely disclose your medical information. For example, EEOC found that an employer isn't allowed to release employee medical records—even if they're subpoenaed in a lawsuit—without the employee's consent.
And a court in Indiana found that an employer could be held liable for violating these rules if one of its employees (in this case, the employee responsible for dealing with workers' comp claims) posts another employee's medical information online.
Except for government officials who are specifically examining your employer's ADA compliance, the list of exceptions doesn't include government agencies. So the law appears to forbid your employer from giving your confidential medical records to any government agency that requests them—including the Social Security Administration (SSA).
This doesn't mean your records are totally off-limits, however: If you file a claim for Social Security disability benefits, you'll likely be asked to sign an authorization form (SSA Form 827). When you sign this form, you're giving your employer permission to share any records related to your disability claim with Social Security.
If your employer reveals your medical records or disability history without your consent, and none of the exceptions above apply, your employer might have violated ADA privacy laws. And you can sue an employer for improperly disclosing your medical information.
Your first stop in considering your legal options should be a lawyer's office. An experienced lawyer can analyze the facts and explain:
A lawyer can also help you negotiate an out-of-court settlement with your employer. But don't delay.
You might have only 180 days to file a discrimination charge with a government fair employment practices agency (this filing is required before you can sue over ADA violations). So, if you're considering taking legal action against an employer who's broken ADA confidentiality requirements, it's best to talk to a lawyer as soon as possible.
Learn more about your rights under the ADA and how to enforce them.
Updated January 6, 2023
Need a lawyer? Start here.