Are drug test results confidential under HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) aims to protect an individual's health information and medical records. HIPAA regulations have been established to ensure that Personal Health Information (PHI) is handled securely and that a patient's right to privacy is maintained.
Governed by the U.S. Department of Health and Human Services (HHS), PHI includes medical information that could be connected to an individual. Examples include a patient's medical history and treatment information, and demographic information (e.g. the patient's name, date of birth, phone number, or email address).
Although employers are not directly regulated by the HIPAA, an employee's PHI will still be protected through their health care plan. Generally, HIPAA guidelines ensure that information is only shared on a need-to-know basis and that the minimum amount of required information is shared. The information must also be shared in a way that keeps it secure and allows privacy to be protected.
The over-arching goal is to protect the employee from discrimination. [Find out more in "Guide to understanding HIPAA as an employer"].
The implications for drug tests and confidentiality under HIPAA
Drug test results are considered to be confidential. Any medical information about an employee, including drug test results, should be kept in a separate file from general personnel records.
As mentioned, PHI can only be shared on a "need-to-know" basis. The specifics of any sharing of PHI should be outlined in a workplace's policies and procedures. As part of these policies, an employee will usually sign a consent form to allow their drug test results to be shared with the employer, or with certain individuals within the organization (for example, a Designated Employer Representative). An employer may be authorized to know the results of an employee's drug test (pass or fail), without being offered any more detailed information.
Other policies to be aware of when it comes to the privacy of drug test results
Alongside HIPAA requirements, employers should consult with a local attorney to ensure they are compliant with any applicable state laws. In some situations, protocol from the Americans with Disabilities Act (ADA) may also apply.
Workplace drug testing that falls under DOT requirements comes with specific guidelines around the disclosure of drug testing information. Positive test results will be recorded on the employee's employment record. This information will be shared with future employers of DOT-regulated job positions. [Find out more in "Who can see my drug test results?"].
Written by Elly McGuinness
Elly has been inspiring people to make sustainable changes to their health, fitness and lifestyle for the past 15 years. She offers online solutions for people who are looking to get started on, or improve their health and fitness. She blogs regularly, writes for a number of health and well-being publications and is the published author of a holistic weight loss book.
More Q&As from our experts
- What certifications are available for employees involved in drug testing?
- What is a roadside drug screening?
- What are physical demands analysis reports actually used for?
- Drug Testing
- Hazard Identification Study
- With-Cause Evaluation
- Employee Assistance Program
- Preferred Employee Assistance Program
- Preferred Provider Organization
- Sensitive Information
- Culture of Health
Subscribe to the Workplace Testing Newsletter
Join thousands of employment testing and employee wellness professionals.
- Sleep Apnea in the Workplace: Your Comprehensive Guide to Proper Diagnosis
- DOT Drug & Alcohol Testing: Your Comprehensive Guide to Getting It Right the First Time
- An In-Depth Look at Drug Hair Testing
- 5 Ergonomics Concepts All Employers Should Know and Understand
- What Your Company's Drug and Alcohol Policy May Be Missing (and How to Get It Right)