Subscribe to Entrepreneur for $5

What are the legal implications of disclosing an employee's private medical information?

Opinions expressed by Entrepreneur contributors are their own.
We are a 500-employee company. One of our out of state employees has contracted a noncontagious disease. She disclosed this to her manager and told him it is not affecting her job at this time. She said her manager could tell his manager and the head person in HR. Unfortunately, the head person in HR told others in HR, who had a converstion with the employee. In addition, others outside of HR have been told. The employee is extremely upset. Does it matter that others in HR (and outside HR) were informed without the employee's consent? What are the legal implications?
Improper disclosure of an employee's private medical information (also known as "protected health information") may be deemed a violation of HIPAA in addition to other state and federal laws.

The employee may have consented to a limited disclosure, but not necessarily a blanket announcement to the rest of your staff . . . especially as it sounds like this consent was made verbally, which becomes more difficult to prove.

Consult with an employment attorney who knows this area to plug the leaks, set up better systems and control the damage.

Entrepreneur Editors' Picks