Melissa Crespo spoke with HR Magazine about federal, state, and local laws that apply to employers saving health information and may restrict vaccine or testing rules for COVID-19.
Melissa noted that the Health Insurance Portability and Accountability Act (HIPAA) does not prohibit businesses from collecting COVID-19 test results. HIPAA does not apply to employers or employment records, including employment records held by covered entities or business associates.
"However, there are a number of U.S. state laws that govern the use and disclosure of personal information," Melissa said. "Employers should take steps to understand which state laws are applicable and ensure they have implemented an appropriate information security program to protect health information like test results."
She recommended that employers collect and retain only the minimum information necessary and destroy it when it is no longer needed.
Read the article (subscription may be required).