Dealing with… Protected Health Information (PHI)

Note, this article is part of our continuing series of articles titled “Dealing With….”.  This special series is designed to provide simple practical advice of immediate usefulness to federal employees (and even local and state employees to a certain degree) dealing with certain situations specifically indicated in the article.   

The safeguarding and regulatory compliant handling of Protected Health Information (PHI), also referred to simply as medical information, in our opinion, presents one of  the most significant risks for federal agencies and managers (particularly with an aging workforce and increased frequency of FMLA, Rea20130225-Informed-Fed-Logo_150sonable Accommodation, and sick leave use).  Violations in the handling of this information is almost routine in our opinion and we are constantly correcting managers in the handling, use, and management of this information, whether leaving PHI on a desk in plain view or openly discussing medical diagnosis with staff who have absolutely no need to know.  Nothing surprises us anymore whether the information is submitted in connection with a Reasonable Accommodation request or a request for leave under the Family Medical Leave Act.

There are a myriad of laws and regulations, not to mention provisions of collective bargaining agreements (potentially), that apply to the handling of employee medical information in connection with employment. The Americans with Disabilities Act (ADA), 42 USC 12112 (d)(3)(B) and 12112(d)(4)(c), requires employers to maintain information regarding medical condition and history of employees with disabilities in separate medical files and to treat such information as confidential. See also  29 CFR 1630.14 (b)(1), (c)(1), and (d)(1).  Whereas, the Privacy Act prohibits agencies from disclosing records contained in a system of records to any person, or to another agency, except pursuant to a written request by the individual to whom the record pertains. See, 5 USC Section 552a(b). Vast provisions of the Rehabilitation Act also apply, requiring (and reiterating) the requirement to maintain separate files, apart from other records such as disciplinary files, when they contain medical records.  See, Complainant v. Department of Justice, Federal Bureau of Prisons, 0520130125, 114 FEOR 252  (EEOC 2014).

What You Should Expect

As noted in Grey v. U.S. Postal Service, EEOC No. 0120121846 (EEOC OFO 2012), confidentiality requirements apply to any medical information from any applicant or employee, not only individuals with disabilities.  Federal agencies possess the authority to request and handle employee medical information in connection with employment matters.  This authority extends to applicants but is not limited in that regard. For example, an agency may ask for information possibly connected to a disability provided it is job-related and consistent with business necessity. See, Slavin v. U.S. Postal Service, EEOC No. 0120061503 (EEOC OFO 2007).  Requests of this nature also extend to situations in which an employee may exhibit “unusual behavior” or the agency otherwise establishes a reasonable belief a worker poses a direct threat due to a medical condition or that he is unable to perform the essential functions of his position due to a medical condition.  See, Watson v. U.S. Postal Service, EEOC No. 0120121195 (EEOC OFO 2013) and Norton v. Department of Veterans Affairs, EEOC No. 01A51018 (EEOC OFO 2006).

When a federal employee submits medical information in connection with employment, for any reason, whether voluntarily or requested/ordered by the agency, they have a right to expect that this information will be protected in accordance with law, and frankly, common sense.  This applies to medical information submitted in connection with FMLA, sick leave, a fitness for duty examination, Reasonable Accommodation requests, job applications, a return to duty, or for any other reason. Failure by the agency to properly safeguard an employee’s health information is typically actionable under EEOC guidelines and possibly a civil action.  Awarded damages can range from minimal to significant.


SIDEBAR:  Whether voluntarily submitted or otherwise ordered and received by an agency, all employee medical information must be protected.

Actionable Violations

Any violation of confidentiality concerning Protected Health Information (PHI) is actionable and should not be taken lightly, especially by managers.  The violation does not have to be discriminatory in nature; it stands alone, typically under the Rehabilitation Act, and otherwise referred to as a per se violation.  See, Fisher v. DOD, Department of the Army, (EEOC OFO 09/04).  In other words, even if the rest of a complainant’s EEO claims fail at hearing, the mishandling of medical information remains a violation of the Rehabilitation Act.

Some examples of a violation concerning Protected Health Information could include:

  • Disclosure to unauthorized persons (no need to know)
  • Leaving the information unattended on an office desk
  • Sending the information to the wrong person
  • Disclosing the information off duty to non-agency employees
  • Losing the information
  • Not maintaining the information in a separate folder, apart from other employment records
  • Placing the information in a “six-part folder”
  • Giving the information to a gaining supervisor

However, each case is fact dependent and professional consultation should be obtained to assess the individual circumstances of each case.


See All Our FAQ’s

Informed Fed provides expert administrative consulting and representational services to federal employees and labor organizations in all labor and employee relations matters including arbitration, grievances, disciplinary and adverse actions,  Unfair Labor Practice Complaints, EEO Complaints, Reasonable Accommodation and Alternative Dispute Resolution matters.
Contact us.  Web:  |  Phone/Text: (202) 642-1287  |  Twitter: @InformedFed  |  Hire a Consultant Here
The material on this website is intended to provide only general information and comment to the public. Although we make our best efforts to ensure information found on this website is accurate and timely, we cannot, and do not, guarantee the information is either. Nor do we guarantee accuracy of any information contained on websites to which our website provide links.  Do not, under any circumstances, rely on information found on our website as legal advice. It should be considered a general guide. Legal matters are often complicated and fact dependent. For assistance with your specific issue or inquiry please contact your local union, personnel office, or attorney. Consultants offered through this website are not attorneys and are not employees of Informed Fed. They are labor and employee relations practitioners. They provide services to clients in their individual capacities through individual agreements with their clients. Though attorneys are not required for representation in administrative matters or proceedings, there are instances in which our consultants may refer you to attorneys or otherwise make such recommendation. In no instance does this site, or consultants associated with this site, infer the provision of legal services.