Blog: TMI Alert – Is Your Protected Health Information Safe in the Workplace?

By Mathew Keller RN JD, Regulatory and Policy Nursing Specialist

In order to prevent the spread of communicable diseases, it is standard practice across the healthcare industry for healthcare workers who suspect they may have the signs or symptoms of communicable illness to report their symptoms to infection control.

Indeed, Medicare Conditions for Participation for receiving Medicare reimbursement require facilities to put in place “a system for identifying, reporting, investigating and controlling infections and communicable diseases of patients and personnel.”

So far so good.  It makes sense that healthcare workers who may have a communicable disease should work with infection control personnel to prevent the spread of disease and make sure they are symptom free before they return to work.

What this means for our healthcare facilities is that a healthcare worker who is symptomatic with any number of communicable diseases (e.g. chickenpox, influenza, pink eye, etc.) reports that illness to infection control.  Infection control employees, working in coordination with management, are then expected to follow CDC Guidelines for infection control in health care personnel to determine when and how an employee can return to work.

This system, in place in most facilities since the 1990s, is safe and effective. It balances the privacy rights of employees with the safety needs of staff and patients.  It works.

Unfortunately, at least one Minnesota hospital (which shall remain unnamed) has implemented a communicable disease reporting policy so onerous that the hospital is placing itself in grave danger of legal liability for failing to protect the personally identifiable health data of employees.  In this facility, an employee who had ANY time off for any reason is expected to report to the ER and to fellow employees,to receive a bill of clean health.

This hospital’s communicable disease policy has no logical connection to preventing communicable disease.  It will encourage employees to hide communicable diseases that  should be reported.

It violates the private health information of all employees, as they will be forced to share their protected health information, FMLA paperwork, and other sick time information with their co-workers.  One wonders why employees of a HIPAA-covered entity are apparently not entitled to even a modicum of HIPAA privacy.

This hospital’s communicable disease policy must change.

If it ain’t broke, don’t fix it—and this facility’s policy is broke – while other hospitals have followed effective communicable disease policies for decades.

Employees with symptoms of communicable diseases need to report their symptoms to infection control, not their co-workers.  Infection control, in consultation with the employee and CDC guidelines, must work with the employee on a reasonable plan of action for return to work in a safe and effective manner.  This protects patients, fellow employees, workers’ privacy rights, and hospital liability.

1 Comment

  1. Thanks MNA for advocating for nurses. That hospital needs to do the right thing by changing that illegal and unethical policy (and do it pronto on Monday AM).

Comments are closed.