Are drug test results confidential under HIPAA?

By Elly McGuinness | Last updated: December 3, 2020

The Health Insurance Portability and Accountability Act (HIPAA) aims to protect an individual's health information and medical records. HIPAA regulations have been established to ensure that Personal Health Information (PHI) is handled securely and that a patient's right to privacy is maintained.

Governed by the U.S. Department of Health and Human Services (HHS), PHI includes medical information that could be connected to an individual. Examples include a patient's medical history and treatment information, and demographic information (e.g. the patient's name, date of birth, phone number, or email address).

Although employers are not directly regulated by the HIPAA, an employee's PHI will still be protected through their health care plan. Generally, HIPAA guidelines ensure that information is only shared on a need-to-know basis and that the minimum amount of required information is shared. The information must also be shared in a way that keeps it secure and allows privacy to be protected.

The over-arching goal is to protect the employee from discrimination. [Find out more in "Guide to understanding HIPAA as an employer"].

The implications for drug tests and confidentiality under HIPAA

Drug test results are considered to be confidential. Any medical information about an employee, including drug test results, should be kept in a separate file from general personnel records.

As mentioned, PHI can only be shared on a "need-to-know" basis. The specifics of any sharing of PHI should be outlined in a workplace's policies and procedures. As part of these policies, an employee will usually sign a consent form to allow their drug test results to be shared with the employer, or with certain individuals within the organization (for example, a Designated Employer Representative). An employer may be authorized to know the results of an employee's drug test (pass or fail), without being offered any more detailed information.

Other policies to be aware of when it comes to the privacy of drug test results

Alongside HIPAA requirements, employers should consult with a local attorney to ensure they are compliant with any applicable state laws. In some situations, protocol from the Americans with Disabilities Act (ADA) may also apply.

Workplace drug testing that falls under DOT requirements comes with specific guidelines around the disclosure of drug testing information. Positive test results will be recorded on the employee's employment record. This information will be shared with future employers of DOT-regulated job positions. [Find out more in "Who can see my drug test results?"].

Share this Q&A

  • Facebook
  • LinkedIn
  • Twitter


Drug Testing Legal

Written by Elly McGuinness

Profile Picture of Elly McGuinness

Elly has been inspiring people to make sustainable changes to their health, fitness and lifestyle for the past 15 years. She offers online solutions for people who are looking to get started on, or improve their health and fitness. She blogs regularly, writes for a number of health and well-being publications and is the published author of a holistic weight loss book.

More Q&As from our experts

Related Terms

Related Articles

Term of the Day

Generalized Anxiety Disorder

Generalized anxiety disorder (GAD) is a psychological condition in which the sufferer experiences abnormal levels of anxiety...
Read Full Term

Subscribe to the Workplace Testing Newsletter

Join thousands of employment testing and employee wellness professionals.

Go back to top