Privacy Issues in the Workplace

a. What Is “Medical Information” for Purposes of the CMIA? The CMIA defines medical information as:

“any individually identifiable information, in electronic or physical form, in possession of or derived from a provider of health care, health service plan, pharmaceutical company, or contractor regarding a patient’s medical history, mental or physical condition, or treatment.” 239 Medical information is “individually identifiable” if it “includes or contains any element of personal identifying information sufficient to allow identification of the individual, such as the patient's name, address, electronic mail address, telephone number or social security number, or other information that,

alone or in combination with other publicly available information, reveals the individual’s identity.” 240

b. Requirements of Valid Authorization A health care provider cannot release information to an employer (or anyone else for that matter) unless the patient’s written authorization:

 Identifies the person authorized to release the information;

 Identifies the person authorized to receive the information;

 Identifies any limitations on the types of information to be disclosed and the purposes for which the information can be used;  States a specific date after which the health care provider is no longer authorized to disclose the information;

 Is typed or handwritten by the person signing it;

 Is separate from any other language contained on the same page and executed by a signature that serves no other purpose; and  Advises the signing party of the right to receive a copy of the authorization. 241

c. Exceptions to the Rule—Instances When Written Authorization Is Not Required under the CMIA There are several exceptions to the requirement of written authorization that are relevant in the employment context.

Privacy Issues in the Workplace ©2021 (s) Liebert Cassidy Whitmore 74

Made with FlippingBook - Online catalogs