By Hemu Nigam
Mar 26, 2020

Questions and Answers

The outbreak of COVID-19 is not only causing havoc in the economy, it’s also raising numerous privacy challenges for businesses. Balancing an employee’s right to privacy under the Americans with Disabilities Act (ADA) with the obligation to create a safe work environment pursuant to federal OSHA and Cal/OSHA standards has many employers looking for answers.

When looking for guidance, thinking about processes and strategies that we have used to solve similar problems or asking others with experience in the matter for help is a great place to start. But as an employer, exercising discernment to protect your employees during an unprecedented pandemic can be daunting. Employers should navigate this issue with caution, as new and unknown issues can cause employers to be liable even when they try to do the right thing. Even during an international pandemic, employers must adhere to employee privacy rights. The main concern is that the novelty and evolving nature of the pandemic has resulted in ever-changing guidance from authorities. Employers should work with experienced lawyers and public health officials to help navigate through this developing issue. While employment issues surrounding COVID-19 continuously evolve, below are some privacy concerns we have heard from employers.

Does an employee that has contracted COVID-19 have a legal requirement to inform their employer?

There have been conflicting reports on this front. A few weeks ago, the answer would generally be no. However, state and local laws continue to change, and it is important to stay up to date on the latest requirements. On March 12, 2020, a Wall Street Journal article stated an employee may not have a legal requirement to self-report a positive COVID-19 test to their employer. But the majority of other sources find that they may be required to do so by public health officials. The Society of Human Resource and Management quoted lawyers at the law firm Ogletree Deakins in an article stating that “someone who tests positive for COVID-19 will likely be required by applicable health authorities to disclose that to his or her employer.” The Fisher Phillips law firm answered the question a different way, advising that employers require their employees to self-report. Regardless of the conflicting reports, even if there is not a legal requirement for the employee to inform her employer on her own, we hope that employers find out from public health officials when such a dangerous challenge faces their company.

How would employers find out about an employee that has tested positive for COVID-19 from public health officials?

At the moment, public health department officials have taken on the role of protecting individuals that have potentially been exposed to coronavirus, putting less pressure on employers to ensure that any employee self-reports a positive test for COVID-19. Healthcare groups must report positive COVID-19 test results to public health officials. Thus, it is likely that public health officials know before the employer would. An article by National Public Radio (NPR) helps explain how public health officials engage in “contact-tracing” and inform others that have been in close contact with an individual with COVID-19. Public health officials will not always do this, however. Ranu Dhillon, an instructor and physician in the Division of Global Health Equity at the Brigham and Women’s Hospital told NPR about the challenges associated with contact tracing and the difficult determinations public health officials must make. Despite the challenges, many public officials have continued to perform contact tracing and contact employers and building owners so that they may properly inform their employees that may have been in close contact with the affected individual in the previous two weeks.

Can employers do anything to find out whether an employee has contracted COVID-19?

Employers may have a way to inquire about this information on their own as well. The Equal Employment Opportunity Commission (EEOC), the organization in charge of upholding the ADA, has issued pandemic preparedness guidelines that directly reference the COVID-19 pandemic.

Under these guidelines, the ADA currently recognizes that COVID-19 qualifies as a direct threat to a workplace, but this is subject to change. For now, as long as employers have an objective reasonable belief that an employee may have contracted, displayed symptoms of, or tested positive for COVID-19, they may make related inquiries about COVID-19-like symptoms and even measure employee’s body temperature. It is important to note that deciding whether a reasonable belief exists and which methods to use to implement these laws should be determined on a case-by-case basis. However, one of the unique aspects of COVID-19 is that many people with it are asymptomatic, making medical examinations and inquiries ineffective in many cases.

What should employers do if they know an employee has tested positive for COVID-19?

For employers adhering to the Safer at Home Order, this issue may not be one they currently face, but will likely encounter once the Order is lifted because there may be lingering cases and new cases will likely arise. For other employers, this may be more pressing as many states in the country have not even considered Safer at Home Orders. Whether an employee has symptoms or tested positive for COVID-19, the EEOC has stated that employers may require employees to go home.

One of the few clear restrictions surrounding the pandemic is that the employer must maintain confidentiality with any and all medical information disclosed to them. Employers may advise other employees of the situation but must avoid identifying the affected employee to anyone; even if the other employees find out by process of elimination. To protect other employees, employers can refer to the CDC’s guidance for assessing and managing risks of exposure. Employers should identify all employees that worked in close proximity to them within the last two weeks. Best practices for protecting employees include confirming a list of names of those that were in direct contact with the affected individual, sending each of them home, and notifying the building management team so that they may take proper precautions to sanitize areas and notify others. Even while at home or working remotely, employees continue to maintain all privacy rights.

According to the EEOC, there is an exception that allows disclosure of the identity of the affected individual to the employee’s manager in order to properly make necessary accommodations for the employee at work. This exception does not include revealing medical or identifying information to other employees in order to protect them, however.

Some Closing Thoughts for Employers Wrestling with COVID-19

What’s clear is that employers should properly inform their employees of the highly contagious nature of the virus, symptoms associated with COVID-19 (distinguishing them from the common cold), and implement a policy in place regarding procedures once it is confirmed that an employee has symptoms of, or has tested positive for COVID-19. Not repeated enough, COVID-19 carriers can be asymptomatic. As such, employers must be mindful that all persons may be weapons of the virus and precautions taken accordingly. This unprecedented pandemic has forced many to interpret many different areas of law quickly in order to protect their employees. The CDC has given guidelines to help employers prevent the spread of the virus, but this is a moving area of law and employers with privacy concerns should deal with situations on a case by case basis by reaching out to experienced workplace privacy counsel.

– Hemu Nigam with Zachary Tomlinson

Hemu is an adjunct professor at Pepperdine Caruso School of Law where he teaches Business Perspectives in Workplace Privacy and Data Privacy and Security. He is also the head of Cyber Security Affairs specializing in cyber security, privacy and intelligence related legal and consulting services.

Zach is currently a 2L at Pepperdine Caruso School of Law and a legal intern at Cyber Security Affairs.