  • Medical Record Protections in Expanding Electronic Environment Deficient for Occupational Medicine/ACOEM Requests EEOC Guidance

    April 13, 2011

    Jacqueline A. Berrien
    Equal Employment Opportunity Commission
    131 M Street, NE
    Washington, DC 20507

    Dear Madame Chair:

    I am writing on behalf of the American College of Occupational and Environmental Medicine (ACOEM) to request the Equal Employment Opportunity Commission’s (EEOC) guidance with respect to the electronic medical record (EMR) and the confidentiality of individual health information, as required under the Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act (GINA).

    In addition to diagnosing and treating work-related injuries and illnesses, occupational medicine physicians and nurses also serve as agents of employers to maintain employer health records. These records are owned by the employer and access to their contents is legally and ethically defined differently than personal health records. For example, ADA regulations generally require employers to keep medical information confidential. EEOC regulations require that certain medical information obtained by the employer regarding the medical condition or history of any employee shall be collected and maintained on separate forms and in separate medical files and be treated as a confidential medical record.

    GINA constrains what types of medical information employers may collect through their health care agents. The EEOC’s regulations implementing Title II of GINA generally prohibit an employer’s health care agent from requesting a family medical history. However, there is an exception to this prohibition when the physician requests the family medical history in the course of treating an individual. This information becomes part of the individual’s personal health record.

    ACOEM believes that neither the employer nor the occupational medicine provider serving as an agent of the employer, or any other agent of the employer, should have access to personal health records without the consent of an employee. Further, we strongly support the medical record protections in the ADA and GINA.

    However, the application of these medical record protections in the rapidly expanding Electronic Medical Records (EMR) environment has revealed a critical deficiency that is of concern to occupational medicine. The problem arises because the large EMRs have not been built with the necessary firewalls to segment the employee’s personal health information from occupational health information. As a result, personal medical information used in the course of treating an individual is being swept up into the individual’s EMR along with occupational health information. All of this medical data – protected and non-protected – exist together in a single EMR. The physician has no ability to designate protected medical information as confidential or to control its path once it is entered into the EMR. Nor does the EMR software provide for the sequestration of confidential medical data that should not be available to an employer. Instead, one general EMR is being used for all purposes.

    For example, an employer may condition a job offer on the satisfactory result of a post-offer medical examination or medical inquiry if this is required of all entering employees in the same job category. Information from the post-offer medical must be kept apart from general personnel files as a separate, confidential medical record, available only under limited conditions. However, this information will be included in the EMR, often without the necessary firewalls to ensure that the information from the medical examination is kept in a separate, confidential medical record. Since an occupational health provider acts as an agent of the employer for purposes of conducting certain employer-mandated examinations, the examiner requires the examinee’s consent to enter their personal record. We are concerned that, since undergoing the examination is a condition of employment, consent to enter their personal health record on behalf of their employer may be considered coercive.

    We welcome EEOC’s guidance on whether this practice violates GINA or the ADA and, if so, what safeguards should be incorporated into the EMR software products. In many organizations that have an EMR, it would be optimal if that EMR could be used for both personal and occupational health issues, with the appropriate firewall built in. If there are two systems, some of the information that is gathered and managed by the occupational health department, say travel immunizations, for example, should be part of an integrated patient record. Designing systems with appropriate firewalls and data flows is necessary. Likewise, results of, say, biometric screenings, would be optimally resident with the personal health data, and if an integrated EMR was available, that could be achieved.

    We are not in any way suggesting that personal or occupational health information should reside in totally separate systems. In fact, we think that would detract from the value of the EMR and could lead to gaps in the individual’s health data that is available to the treating physician. Instead, we are suggesting that portions of occupational health data and data protected under ADA and GINA be appropriately walled off from view in the broader EMR. Further, it is essential that these firewalls be incorporated before medical information is transitioned to the EMR.

    Your guidance on this important matter will be welcomed by the occupational medicine community and others.


    T. Warner Hudson, MD