How JustAnswer Works:
  • Ask an Expert
    Experts are full of valuable knowledge and are ready to help with any question. Credentials confirmed by a Fortune 500 verification firm.
  • Get a Professional Answer
    Via email, text message, or notification as you wait on our site.
    Ask follow up questions if you need to.
  • 100% Satisfaction Guarantee
    Rate the answer you receive.
Ask LadyJustice Your Own Question
LadyJustice, Attorney At Law
Category: Employment Law
Satisfied Customers: 470
Experience:  Licensed Attorney
Type Your Employment Law Question Here...
LadyJustice is online now
A new question is answered every 9 seconds

My employer is requiring us to give them our full medical history.

Resolved Question:

My employer is requiring us to give them our full medical history. Including Social Security numbers, conditions, treatments, medications, dates of treatments....etc. So they can keep our records on file and shop for better insurance rates when ever they want. Plus they want us to updated it with any changes. Do I have to tell them medical history, diagnosis', medications, treatment dates, etc? or can I refuse? they are saying it is mandatory. If you can't answer this, who can?
Submitted: 5 years ago.
Category: Employment Law
Expert:  LadyJustice replied 5 years ago.

Hello & welcome to Just Answer. I am a licensed attorney. Please be fair with me and click the ACCEPT button if I answered your question. Thanks :-)


Two laws affect your privacy rights in the workplace in regard to your health information, The Health Insurance Portability and Accountability Act (HIPAA) and the Genetic Information Non-Discrimination Act (GINA).


The HIPPA privacy rule does not prevent your employer from asking you for information about your health if your employer needs the information to administer sick leave, workers' compensation, wellness programs, or health insurance. However, to obtain this information your health care provider cannot disclose the information in response to requests from your employer without your authorization. Covered health care providers must have your authorization to disclose this information to your employer, unless other laws require them to disclose it.


Group health plans are covered by HIPAA. The HIPAA Privacy Rule applies as long as the plan has 50 or more participants. If you are a member of a group health plan, your employer pays a premium to the health plan organization to cover your health care costs. In return for the premium paid, the health care plan assumes the risk of paying for health care expenses covered by the plan. The HIPAA Privacy Rule applies to the plan itself, but not your employer.


Self-insured plans are health plans often offered by large employers as an employee benefit. Under self-insured health plans, the employer itself assumes the risk of health care costs and has the responsibility for paying heath care claims out of the company's operating funds. Claims may be processed by company personnel or contracted out to other companies that process and maintain the records.


If your employer is self employed, HIPAA says your employer can get what is called "summary" information to use to obtain premium bids or changes in coverage. If the health information your employer receives goes beyond the basic summary, then HIPAA requires the employer to establish procedures much like that of a covered entity (a medical facility). HIPAA attempts to limit the use of medical information for employment purposes.


Under the HIPAA Privacy Rule, an employer that is also the insurer of health benefits is in a category called a "hybrid" entity. That means the portion of the company's operations that deal with processing health claims is a covered entity. Like any other covered entity, a "hybrid" function must (1) give notice of written privacy procedures, (2) place restrictions on the use of health information, and (3) appoint a privacy officer and train staff.


Under a 2008 law, the Generic Information Nondiscrimination Act (GINA), an employer may not request, require, or purchase genetic information about you. If, like many people, you have health insurance through your employer's group health or self-insured plan, GINA also prohibits your insurer from requesting, requiring, or purchasing genetic information. Further, the insurer cannot use genetic information to adjust your premiums or the premiums of your group plan. For more on GINA and what employers and insurers can and cannot do, see the website for the organization Council for Responsible Genetics at:


I am providing a couple of other helpful links to resources which provide more detailed information about your privacy rights and resources who are available to you to answer any questions you have related to your health records privacy, for your convenience.


Customer: replied 5 years ago.

This doesn't really answer my question.


My employer is requiring me to release my medical history, prescriptions, etc to a third party so this company can get quotes from new insurance companies for our company. This company will keep my info on file indefinately and I'm supposed to update it regularly.


They are not going behind my back to my doctors to get this.


So, my question is.... do I have to tell them this stuff? can I be fired If I don't? Can they legally ask me for this information and can they legally require me to do so? The laws say that my doctors can't give it out with out my consent. but it doesn't say that I have any rights to refuse to give the consent or the information myself.


They are not asking for genetics specifically so I don't think GINA applies here.


I don't know anything about this 3rd party company. but it's scary that they want my name, address, social security number, medical history, prescriptions, dates of service,...and this is all over the web and will be kept on file (on the internet) indefiately so they can re-use it at will.


I just don't think they can legally ask me for these things but I can't prove it.

Expert:  LadyJustice replied 5 years ago.

An employer can fire an employee for any reason or no reason at all in the State of Ohio, because Ohio is an "at will" state. You don't have to give your consent to release your medical records, but the employer has the right to request it in order to determine their health care costs or to obtain bids or changes in their health care coverage.


If you refuse to give them your health care information, that is your legal right to do so, but it is also their legal right to fire you for any reason at all, including refusing to give them your health information, as long as they are not discriminating against you by asking for the information under GINA or violating HIPAA laws.

Customer: replied 5 years ago.

So... Hippa protects me from my doctors releasing my information without my consent. But there is no law that protects me from retropution from refusing to give my consent?


What if i lie on this "survey" and say I have no medical issues and do not take any medications. Do I legally have to tell them the truth and everything I know?

Expert:  LadyJustice replied 5 years ago.

There are no laws that say you can't tell a lie or have to tell your employer the truth. :-) Just be aware if ever, or whenever you go to your doctor or to a hospital for any type of medical treatment, the insurance carrier will have access to your health care information when your claim is processed.



LadyJustice and 10 other Employment Law Specialists are ready to help you

Related Employment Law Questions