In California, employers are generally prohibited from disclosing a worker’s medical information to other employees. State laws provide important safeguards to protect employee privacy. However, there are a few exceptions. Learn more below from our Orange County employment lawyers at Aegis Law Firm.
The Confidentiality of Medical Information Act (CMIA) is a state law that governs the confidentiality of medical information. It applies to healthcare providers, healthcare service plans, contractors, and employers that receive or maintain medical information. According to the CMIA, employers must maintain the confidentiality of medical information obtained in connection with employment and are generally prohibited from disclosing such information to other employees.
The Americans with Disabilities Act (ADA) is a federal law that prohibits discrimination against individuals with disabilities, including protecting the privacy of their medical information. While the ADA does not explicitly address the issue of disclosure of medical information to other employees, it requires employers to keep such information confidential and separate from general personnel files.
The Family and Medical Leave Act (FMLA) is a federal law that provides eligible employees with protected leave for qualifying medical and family reasons. Under the FMLA, employers are required to maintain the confidentiality of any medical or personal information obtained during the administration of FMLA leave. This includes the reason for the leave and medical conditions. Employees who do not have a legitimate business reason to know about the specific details of an employee’s FMLA leave should not be informed.
Under the Pregnancy Discrimination Act (PDA) and other anti-discrimination laws, employers are required to treat pregnancy-related information as confidential. This means that an employer should not disclose an employee’s pregnancy to coworkers, supervisors, or other employees without the employee’s explicit consent.
The Genetic Information Nondiscrimination Act (GINA) emphasizes the importance of maintaining the privacy and confidentiality of genetic information. Employers are required to keep genetic information confidential and separate from personnel files. They are also prohibited from disclosing genetic information except under specific circumstances, such as when required by law or when providing the information to the employee or their healthcare provider.
Despite the general rule of confidentiality, there are certain exceptions where an employer may disclose medical information to other employees. These exceptions include the following:
In situations where an employee’s medical condition requires immediate attention, limited disclosure of medical information may be necessary to protect the individual’s health and safety.
Employers may need to share relevant medical information with supervisors or managers to provide reasonable accommodations to employees with disabilities. However, such disclosures should be limited to what is necessary for the accommodation process.
If there are legal requirements or obligations to report certain medical conditions, such as communicable diseases, employers may disclose limited medical information to public health authorities or other relevant entities.
Employees may have several legal options after an employer improperly discloses confidential medical information. Depending on the circumstances, a worker may pursue administrative claims, civil litigation, or additional employment-related actions connected to the disclosure. A privacy violation can create consequences that extend beyond embarrassment in the workplace. Some employees experience retaliation, loss of advancement opportunities, exclusion from projects, damaged professional relationships, or termination after sensitive medical information becomes known throughout the company. When that occurs, the disclosure itself may become part of a larger employment claim. Potential legal remedies may include compensation for:
Preserve as much evidence as possible after learning your information was shared. Helpful evidence may include emails, text messages, internal complaints, witness statements, screenshots, disciplinary notices, or written communications from supervisors and human resources personnel. Maintaining a timeline of events can also help establish how the disclosure affected your work environment or treatment.
If you believe that your employer has violated your privacy rights by disclosing confidential medical information without your consent, you may consider several options for legal recourse:
Start by addressing the issue internally within your organization. Speak with your supervisor or HR department to express your concerns and seek a resolution.
If you are unsatisfied with your company’s internal resolution, you can file a complaint with the state or federal agencies responsible for enforcing privacy laws. In California, the appropriate agency is the California Department of Fair Employment and Housing (DFEH). At the federal level, you can file a complaint with the U.S. Equal Employment Opportunity Commission (EEOC). These agencies will investigate your complaint and, if deemed appropriate, may take legal action on your behalf.
Consult a trusted Orange County employment attorney who can assess the specifics of your case and guide you through the process of filing a complaint and/or lawsuit against your employer to seek compensation for any losses suffered.

Employers may require medical examinations in limited situations after extending a conditional job offer. However, California and federal laws restrict how employers use medical testing during the hiring process. The examination must relate to the position and apply consistently to employees entering similar roles.
Employers generally cannot use medical exams to screen out applicants based on disabilities, medical conditions, or perceived impairments unless the condition would prevent the applicant from safely performing essential job duties. Employers must also keep the results confidential and separate from standard personnel files.
In some situations, employers may lawfully require medical evaluations during employment if they are job-related and consistent with business necessity. For example, an employer may request a fitness-for-duty examination when there is objective evidence that an employee cannot safely perform essential job functions or may pose a workplace safety risk.
Employers cannot use medical testing as a tool for intimidation, retaliation, or discrimination. Requests for examinations must remain narrowly tailored to legitimate workplace concerns. Employees still maintain privacy rights regarding how medical information is stored, accessed, and disclosed after the examination occurs.
Many employees assume HIPAA completely prevents employers from accessing medical information, but HIPAA does not apply to every workplace situation. HIPAA primarily regulates healthcare providers, health plans, and certain medical information handlers rather than employers themselves.
That said, even when HIPAA does not directly apply, employers may still violate California law if they improperly share medical diagnoses, treatment details, accommodation requests, or leave-related medical information with coworkers or unauthorized individuals.
Employers that receive medical information through leave requests, disability accommodation discussions, workers’ compensation claims, or employer-sponsored health programs must still handle that information carefully and confidentially.
Mental health conditions generally receive the same confidentiality protections as physical medical conditions. Employers should not openly discuss an employee’s anxiety, depression, PTSD, therapy, or other mental health information with coworkers or staff members who do not need access to the information.
Human resources may share limited medical information internally when necessary for legitimate workplace purposes, such as leave administration or accommodations. However, employers should not unnecessarily circulate medical records or discuss private health information with managers, supervisors, or coworkers who do not need access to it.