I was recently asked, companies keep medical records confidential now that most of these records are kept in electronic files? Neither the ADA nor the Genetic Information Nondiscrimination Act specifically addresses issues of electronic confidentiality such as passwords, encryption, etc. Because of this, it is left to employers to ensure that these electronic files are being kept confidential. Should employers limit the IT personnel who deal with IT issues involving medical files? Should these IT professionals be required to attend ADA training? If they are outside vendors, should they be required to sign confidentiality agreements? What do you think?
This information should not be construed as “legal advice” for a particular set of facts or circumstances. It is intended only to be a practical guide for participants familiar with this subject. Users should seek appropriate legal advice tailored to address their specific situation.