In our latest installment of Ask the Expert, brought to you by the team of industry experts at EHS Hero®, we look at a recent question from a subscriber asking about whether or not temperature screenings for employees and building guests are a HIPAA violation. See what the experts had to say.
Q: Are temperature screenings of employees and guests before entering a building an acceptable best practice to monitor for COVID-19? Does this practice violate HIPAA or have any additional liability?
OSHA does not address temperature screening in any of its COVID-19 guidance for business. The CDC lists temperature checks as an optional strategy that may be used to screen employees for COVID-19. However, the CDC states that “policies and procedures for screening workers should be developed in consultation with state and local health officials and occupational medicine professionals.”
Included in the CDC Interim Guidance for Businesses and Employers Responding to Coronavirus Disease 2019 (COVID-19), May 2020, under the heading “Prevent and Reduce Transmission Among Employees” the CDC includes the following:
“Consider conducting daily in-person or virtual health checks (e.g., symptom and/or temperature screening) of employees before they enter the facility, in accordance with state and local public health authorities and, if available, your occupational health services:
- If implementing in-person health checks, conduct them safely and respectfully. Employers may use social distancing, barrier or partition controls, or personal protective equipment (PPE) to protect the screener. However, reliance on PPE alone is a less effective control and is more difficult to implement, given PPE shortages and training requirements.
- See the “Should we be screening employees for COVID-19 symptoms?” section of General Business Frequently Asked Questions as a guide.
- Complete the health checks in a way that helps maintain social distancing guidelines, such as providing multiple screening entries into the building.
- Follow guidance from the Equal Employment Opportunity Commission regarding confidentiality of medical records from health checks.
- To prevent stigma and discrimination in the workplace, make employee health screenings as private as possible. Do not make determinations of risk based on race or country of origin and be sure to maintain confidentiality of each individual’s medical status and history.”
In addition, BLR’s HR legal editors provided the following on the applicability of the Health Insurance Portability and Accountability Act (HIPAA).
HIPAA’s privacy rules generally do not apply to an employer seeking health information from the employee for an employment-related purpose. HIPAA would prohibit an employer from using health benefits information for an employment purpose, and restrict the direct disclosure of test results by a healthcare provider that actually performs the test.
The main way HIPAA will come into play on temperature-taking is if such testing is outsourced to a health care provider. In that instance, because the provider is subject to HIPAA, an employer may need to get the employee’s signed authorization in order to obtain the results directly from the provider, unless certain narrow exceptions apply.
There has been HIPAA guidance specific to COVID, but it applies to the types of public health disclosures HIPAA-covered entities may make—such as the health benefits staff and service providers. (Even in that case, most of the scenarios where that comes into play are more likely to involve health care providers than plans.)
In-house staff responsible for taking employee temperatures would not be subject to HIPAA—instead they would have to comply with the confidentiality and other rules of the Americans with Disabilities Act (ADA).