Hello & welcome to Just Answer. I am a licensed attorney. Please be fair with me and click the ACCEPT button if I answered your question. Thanks :-)
Two laws affect your privacy rights in the workplace in regard to your health information, The Health Insurance Portability and Accountability Act (HIPAA) and the Genetic Information Non-Discrimination Act (GINA).
The HIPPA privacy rule does not prevent your employer from asking you for information about your health if your employer needs the information to administer sick leave, workers' compensation, wellness programs, or health insurance. However, to obtain this information your health care provider cannot disclose the information in response to requests from your employer without your authorization. Covered health care providers must have your authorization to disclose this information to your employer, unless other laws require them to disclose it.
Group health plans are covered by HIPAA. The HIPAA Privacy Rule applies as long as the plan has 50 or more participants. If you are a member of a group health plan, your employer pays a premium to the health plan organization to cover your health care costs. In return for the premium paid, the health care plan assumes the risk of paying for health care expenses covered by the plan. The HIPAA Privacy Rule applies to the plan itself, but not your employer.
Self-insured plans are health plans often offered by large employers as an employee benefit. Under self-insured health plans, the employer itself assumes the risk of health care costs and has the responsibility for paying heath care claims out of the company's operating funds. Claims may be processed by company personnel or contracted out to other companies that process and maintain the records.
If your employer is self employed, HIPAA says your employer can get what is called "summary" information to use to obtain premium bids or changes in coverage. If the health information your employer receives goes beyond the basic summary, then HIPAA requires the employer to establish procedures much like that of a covered entity (a medical facility). HIPAA attempts to limit the use of medical information for employment purposes.
Under the HIPAA Privacy Rule, an employer that is also the insurer of health benefits is in a category called a "hybrid" entity. That means the portion of the company's operations that deal with processing health claims is a covered entity. Like any other covered entity, a "hybrid" function must (1) give notice of written privacy procedures, (2) place restrictions on the use of health information, and (3) appoint a privacy officer and train staff.
Under a 2008 law, the Generic Information Nondiscrimination Act (GINA), an employer may not request, require, or purchase genetic information about you. If, like many people, you have health insurance through your employer's group health or self-insured plan, GINA also prohibits your insurer from requesting, requiring, or purchasing genetic information. Further, the insurer cannot use genetic information to adjust your premiums or the premiums of your group plan. For more on GINA and what employers and insurers can and cannot do, see the website for the organization Council for Responsible Genetics at: http://www.councilforresponsiblegenetics.org/geneticprivacy/index.html
I am providing a couple of other helpful links to resources which provide more detailed information about your privacy rights and resources who are available to you to answer any questions you have related to your health records privacy, for your convenience.
This doesn't really answer my question.
My employer is requiring me to release my medical history, prescriptions, etc to a third party so this company can get quotes from new insurance companies for our company. This company will keep my info on file indefinately and I'm supposed to update it regularly.
They are not going behind my back to my doctors to get this.
So, my question is.... do I have to tell them this stuff? can I be fired If I don't? Can they legally ask me for this information and can they legally require me to do so? The laws say that my doctors can't give it out with out my consent. but it doesn't say that I have any rights to refuse to give the consent or the information myself.
They are not asking for genetics specifically so I don't think GINA applies here.
I don't know anything about this 3rd party company. but it's scary that they want my name, address, social security number, medical history, prescriptions, dates of service,...and this is all over the web and will be kept on file (on the internet) indefiately so they can re-use it at will.
I just don't think they can legally ask me for these things but I can't prove it.
An employer can fire an employee for any reason or no reason at all in the State of Ohio, because Ohio is an "at will" state. You don't have to give your consent to release your medical records, but the employer has the right to request it in order to determine their health care costs or to obtain bids or changes in their health care coverage.
If you refuse to give them your health care information, that is your legal right to do so, but it is also their legal right to fire you for any reason at all, including refusing to give them your health information, as long as they are not discriminating against you by asking for the information under GINA or violating HIPAA laws.
So... Hippa protects me from my doctors releasing my information without my consent. But there is no law that protects me from retropution from refusing to give my consent?
What if i lie on this "survey" and say I have no medical issues and do not take any medications. Do I legally have to tell them the truth and everything I know?
There are no laws that say you can't tell a lie or have to tell your employer the truth. :-) Just be aware if ever, or whenever you go to your doctor or to a hospital for any type of medical treatment, the insurance carrier will have access to your health care information when your claim is processed.
DISCLAIMER: Answers from Experts on JustAnswer are not substitutes for the advice of an attorney. JustAnswer is a public forum and questions and responses are not private or confidential or protected by the attorney-client privilege. The Expert above is not your attorney, and the response above is not legal advice. You should not read this response to propose specific action or address specific circumstances, but only to give you a sense of general principles of law that might affect the situation you describe. Application of these general principles to particular circumstances must be done by a lawyer who has spoken with you in confidence, learned all relevant information, and explored various options. Before acting on these general principles, you should hire a lawyer licensed to practice law in the jurisdiction to which your question pertains.
The responses above are from individual Experts, not JustAnswer. The site and services are provided “as is”. To view the verified credential of an Expert, click on the “Verified” symbol in the Expert’s profile. This site is not for emergency questions which should be directed immediately by telephone or in-person to qualified professionals. Please carefully read the Terms of Service (last updated February 8, 2012).