The regulations clarify that contact between an employer and an employee’s health care provider must comply with the Health Insurance Portability and Accountability Act (HIPAA) privacy regulations. Under the regulations, employers may contact an employee’s health care provider for authentication or clarification of the medical certification by using a health care provider, a human resource professional, a leave administrator, or a management official. To address employee privacy concerns, the regulations make clear that in no case may the employee’s direct supervisor contact the employee’s health care provider. For an employee’s HIPAA-covered health care provider to provide an employer with individually identifiable health information, the employee will need to provide the health care provider with a written authorization allowing the health care provider to disclose such information to the employer. Employers may not ask the health care provider for additional information beyond that contained on the medical certification form.
October 2018