Medicare Compliance & Reimbursement

Industry Notes:

Does Your Employee Confidentiality Policy Violate The NLRA?

Even if your employee’s conduct violates HIPAA, that doesn’t mean terminating that employee won’t violate the National Labor Relations Act (NLRA).

In Rocky Mountain Eye Center, P.C. vs. International Union of Operating Engineers, Local 400, an administrative law judge (ALJ) decided that despite the employer’s “unquestionably legitimate” HIPAA compliance concerns, the employer “seized upon” those concerns to prevent union activity.

Rocky Mountain Eye Center, P.C. (RMEC) in Missoula, MT entered into a confidentiality agreement with its employees, stating that employee information is confidential and that breach of “patient or facility confidentiality” may be grounds for termination, according to a May 18 blog posting by Valerie Breslin Montague for the law firm Nixon Peabody LLP.

When an RMEC employee, Britta Brown, used RMEC’s data management system to locate colleague contact information, which she sent to a union representative with whom she was discussing organizing efforts, RMEC terminated Brown, Montague explained. RMEC’s stated reason for terminating Brown was for providing protected health information (PHI) to a third party in violation of HIPAA and the RMEC confidentiality agreement.

But the ALJ decided that instructions to employees and the practice of using the data management system to access employee contact information removed the confidentiality protections for such information, Montague said. Also, this “precluded RMEC from using the defense that the employee’s actions merited discipline under HIPAA.”

Moreover, RMEC’s confidentiality agreement violated the NLRA because of its overly broad prohibition on discussing employee information without an exception protecting employees’ NLRA rights. Under the NLRA, individuals have a right to:

  • Form, join, or assist a union;
  • Choose representatives to bargain with the National Labor Relations Board on an individual’s behalf;
  • Act together with other employees for an individual’s benefit and protection; and
  • Choose not to engage in any of these protected activities.

As a result of the decision, the ALJ ordered REMC to (among other things):

  • Rescind or modify its unlawful confidentiality agreement, to the extent that the agreement prohibits employees from discussing and disclosing information about other employees;
  • Offer Brown full reinstatement to her former job or, if that job no longer exists, to a substantially equivalent position, without prejudice to her seniority or any other rights or privileges previously enjoyed; and
  • Repay Brown for any loss of earnings and other benefits suffered as a result of the discrimination against her.

Takeaway: “Employers who are HIPAA covered entities or business associates should consider the requirements of both HIPAA and the NLRA when faced with actions that involve both PHI and unionizing activity, and should take care to segregate employee data from patient PHI,” Montague advised. “In addition, employee confidentiality policies must not be so restrictive as to impede upon an employee’s NLRA rights.”

Link: For more on the RMEC decision, go to www.nlrb.gov/case/19-CA-134567.

 

 

Other Articles in this issue of

Medicare Compliance & Reimbursement

View All