Home Health & Hospice Week

Lesson: Consider HIPAA and NLRA when structuring policies.

Even if your employee’s conduct breaks HIPAA rules, that doesn’t mean terminating that employee won’t run afoul of the National Labor Relations Act.

In Rocky Mountain Eye Center, P.C. vs. International Union of Operating Engineers, Local 400, an Administrative Law Judge decided that despite the employer’s “unquestionably legitimate” HIPAA compliance concerns, the employer “seized upon” those concerns to prevent union activity.

Rocky Mountain Eye Center in Missoula, Mont., entered into a confidentiality agreement with its employees, stating that employee information is confidential and that breach of “patient or facility confidentiality” may be grounds for termination, according to a blog posting by Valerie Breslin Montague for the law firm Nixon Peabody.

When RMEC employee Britta Brown used RMEC’s data management system to locate colleague contact information, which she sent to a union representative with whom she was discussing organizing efforts, RMEC terminated Brown, Montague explained. RMEC’s stated reason for terminating Brown was for providing protected health information (PHI) to a third party in violation of HIPAA and the RMEC confidentiality agreement.

But the ALJ decided that instructions to employees and the practice of using the data management system to access employee contact information removed the confidentiality protections for such information, Montague said. Also, this “precluded RMEC from using the defense that the employee’s actions merited discipline under HIPAA.”

Moreover, RMEC’s confidentiality agreement violated the NLRA because of its overly broad prohibition on discussing employee information without an exception protecting employees’ NLRA rights (see sidebar, p. 39).

As a result of the decision, the ALJ ordered REMC to (among other things):

Rescind or modify its unlawful confidentiality agreement, to the extent that the agreement prohibits employees from discussing and disclosing information about other employees; Offer Brown full reinstatement to her former job or, if that job no longer exists, to a substantially equivalent position, without prejudice to her seniority or any other rights or privileges previously enjoyed; and

Repay Brown for any loss of earnings and other benefits suffered as a result of the discrimination against her.

Takeaway: “Employers who are HIPAA covered entities or business associates should consider the requirements of both HIPAA and the NLRA when faced with actions that involve both PHI and unionizing activity, and should take care to segregate employee data from patient PHI,” Montague advised. “In addition, employee confidentiality policies must not be so restrictive as to impede upon an employee’s NLRA rights.”

Note: For more on the RMEC decision, go to www.nlrb.gov/case/19-CA-134567.