Tag: GINA

Posted on

EEOC says that employers legally can offer incentives to employees to get vaccinated in almost all instances

COVID-19, FMLA, mask, OSHA

Employers have been anxiously waiting for the EEOC to publish its guidance for employers on incentives offered to employees in exchange for getting vaccinated against COVID-19. Late last week, the EEOC finally released that guidance. The issue is whether the incentive renders the vaccine coerced and therefore non-voluntary, which would be unlawful under the ADA and GINA.

What did the EEOC say:

  • An employer may offer an incentive to employees to voluntarily provide documentation or other confirmation that they received a vaccination on their own.
  • An employer may offer an incentive to employees for voluntarily receiving a vaccination administered by the employer or its agent as long as the incentive is not so substantial as to be coercive, and as long as the employer does not acquire genetic information while administering the vaccines. The EEOC does not offer any guidance as to what “so substantial as to be coercive” means, but it’s safe to assume that the incentives employers are offering (a day or two of added PTO, payments or gift cards up to a couple hundred dollars) will not meet this standards and are safe. And when states are offering the vaccinated the chance to win a million dollars…
  • An employer may not offer any incentives to an employee in exchange for a family member’s receipt of a vaccination from the employer or its agent, as such incentive would necessarily require the disclosure of the family medical history of the employee, which would violate GINA.
  • An employer may offer vaccinations to an employee’s family members if those vaccines are voluntary, employees are not penalized if their family members are not vaccinated, and all medical information obtained from family members during the pre-vaccine screening process is only used for the purpose of providing the vaccination, is kept confidential, and is not provided to any managers, supervisors, or others who make employment decisions for the employees.
  • Employers may (and I’ll add, should) provide employees and their family members with information to educate them about COVID-19 vaccines and raise awareness about the benefits of vaccination.
This guidance is not earth-shattering or surprising. With more than 50 percent of the country having received at least one dose of the COVID-19 vaccine, it provides confirmation and legal comfort to those employers that have already offered such incentives. It also follows an important governmental trend we’ve recently seen across agencies—the adoption of policies intended to incentivize people to get vaccinated. Whether its PTO for vaccines, the CDC’s new mask rules, or OSHA reversing course and eliminating its prior guidance that required the reporting of adverse reactions to employer-mandated vaccines, the federal government is actively breaking down barriers that discourage or disincentivize employees from getting vaccinated.
With only 40.7 percent of the country fully vaccinated, we are a long way from the number needed to reach the all-important herd immunity, if we ever get there. While it feels like life is starting to return to normal, the COVID-19 pandemic is not over yet. Do your part and get your shot. And, if you’re an employer looking to get as many of your employees vaccinated as possible, you can rest easier knowing that the EEOC will not penalize you for offering vaccine incentives to your employees.
Posted on

CDC allows large employers to establish vaccination sites

COVID-19, vaccine, flu

The CDC released guidance permitting large employers to establish temporary sites to vaccinate employees.

The CDC on March 16 said that employers should consider opting for an on-site vaccination program if they have a large number of employees with predictable schedules and enough space to set up a pop-up clinic while still allowing for COVID-appropriate social distancing.

Employers should consider pushing employees to off-site vaccination clinics if they have a smaller number of employees, employees with flexible or non-predictable schedules, mobile employees who don’t have one worksite, or employees who’d prefer not to have their employer administer their vaccine.

Employers who choose to set up a vaccination site still must follow the EEOC’s guidelines on managing vaccines under the ADA, Title VII, and GINA (which I summarized here).

Bravo to the CDC for implementing policies to encourage as many employees to get shots in their arms as quickly as possible. It’s the only way we are going to stay ahead of the more contagious (and perhaps more deadly) variants and beat this pandemic. To this end, I highly recommend that you check out the CDC’s COVID-19 Vaccine Communication Toolkit for Essential Workers, in addition to these 5 tips on building vaccine confidence in your workplace:

  • Encourage your leaders to be vaccine champions. These leaders should reflect the diversity of the workforce. Invite them to share with staff their personal reasons for getting vaccinated and remind staff why it’s important to be vaccinated.
  • Communicate transparently to all workers about vaccination. See Key Things to KnowFrequently Asked Questions, and Myths and Facts for up-to-date information.
  • Create a communication plan. Share key messages with staff through breakroom posters, emails, and other channels. Emphasize the benefits of protecting themselves, their families, co-workers, and community. This fact sheet is available in numerous languages.
  • Provide regular updates on topics like the benefitssafetyside effects, and effectiveness of vaccination; clearly communicate what is not known.
  • Make visible the decision to get vaccinated and celebrate it! Provide stickers for workers to wear after vaccination and encourage them to post selfies on social media.

Now please do your family, friends, coworkers, me, and society in general a huge favor and get vaccinated as soon as your state allows you to do so. We are all counting on you.

Posted on

EEOC releases guidance on the COVID-19 vaccine

COVID-19, vaccine, flu

Yesterday, the EEOC published its guidance on the COVID-19 vaccine under the ADA and GINA, in the form of nine Q&As. You can read them in their totality here.

The TL;DR: yes, you can force employees to receive the COVID-19 vaccine as a condition of employment (although the should is an entirely different issue), subject to limits on reasonable accommodations for employees’ disabilities and sincerely held religious practices or beliefs and subject to limits on pre-vaccination medical questions.

That’s more or less aligned with everyone’s collective conventional wisdom on this issue. What is new in this guidance is the agency’s position on what to do with employees who refuse the vaccine for medical or religious reasons.

If an employer requires vaccinations when they are available, and an employee indicates that he or she is unable to receive a COVID-19 vaccination because of a disability, the employer must accommodate that request unless the employer can show that “an unvaccinated employee would pose a direct threat due to a ‘significant risk of substantial harm to the health or safety of the individual or others that cannot be eliminated or reduced by reasonable accommodation’ … with a “determination that an unvaccinated individual will expose others to the virus at the worksite.” Even then, an “employer cannot exclude the employee from the workplace—or take any other action—unless there is no way to provide a reasonable accommodation … that would eliminate or reduce this risk so the unvaccinated employee does not pose a direct threat.” Moreover, a direct threat determination and an exclusion of an unvaccinated employee from the workplace does not necessarily equate to termination. An employer must in this case consider alternative accommodations, including remote work or an unpaid leave of absence.

Sincerely held religious practices or beliefs present a different problem for employees since Title VII does not offer a similar direct threat defense to an accommodation request. According to the EEOC, “If an employee cannot get vaccinated for COVID-19 because of a disability or sincerely held religious belief, practice, or observance, and there is no reasonable accommodation possible, then it would be lawful for the employer to exclude the employee from the workplace.” As is the case under the ADA, however, this lawful exclusion does not necessarily equate to termination, and alternative accommodations should be considered.
The bottom line for employers? The COVID-19 vaccine is here and will be available within months for your employees. Now is the time to figure out how you will handle it for your employees. Will you require it or recommend it? Will you offer it on-site or send employees elsewhere for the vaccine? What will you do when an employee objects for medical or religious reasons? Planning is everything, and with an issue this important there is no reason to be caught unprepared.
Posted on

COVID-19 and no-fault attendance policies

pointing, worker misclassification

Can you “point” an employee under a no-fault attendance policy for a coronavirus-related absence? For example, an employee sick with COVID-19 or awaiting test results, quarantined because of an exposure, or at home because a child needs care?

For the uninitiated, no-fault attendance policies operate by having workers accumulate “points” for missing work, arriving late or other attendance-related issues; after the accumulation of a pre-determined number of “points,” employees face discipline or even termination.

During the ongoing COVID-19 pandemic, these policies are not only unnecessarily cruel, but they also might be illegal.

Generally speaking, if a law protects the absence (i.e., the FMLA or the ADA), then it is unlawful under such law to assign a point under an attendance policy for the absence. While there have not been any such cases decided under the FFCRA, one can safely assume the same logic applies. Thus, for employers with less than 500 employees, it would be illegal to assign no-fault points for absences related to:

  1. A federal, state, or local quarantine or isolation order related to COVID-19;
  2. Self-quarantine or isolation related to COVID-19 based on the advice of a health care provider;
  3. The seeking a medical diagnosis for COVID-19 after experiencing symptoms;
  4. The caring for an individual subject to an order described in (1) or isolation/quarantine as described in (2); and
  5. The care for one’s child whose school or place of care is closed (or child care provider is unavailable) due to COVID-19.
Even if the FFCRA does not protect an employee’s absence an employer must still consider whether some other law, such as the FMLA, ADA, or GINA, offers similar protection.
In other words, pointing employees for COVID-related absences is fraught with risk. It’s also unnecessarily cruel. We are all trying to do our part to halt the spread of this rapidly accelerating virus. This including isolating, quarantining, and taking care of others who are at risk or unable to care for themselves. This pandemic needs compassion and flexibility, not strict adherence to rigid policies.
Posted on

Maneuvering the complicated intersection of data privacy, health and technology

health data privacy; privacy laws; data protection

People share their experiences with depression on Twitter to show support for the mental health community. They join private Facebook groups to discuss similar health issues, without realizing that a “private” online group does not actually offer privacy protections. Companies encourage employees to be open about their health in an effort to create a “culture of health.” And employees join “HIPAA-compliant” wellness programs without realizing that the health data they log in various apps may not be protected by any law if the program is voluntary. 

When the Health Insurance Portability and Accountability Act was enacted in 1996, today’s vast digital space didn’t exist. Even if organizations comply with HIPAA, the Genetic Information Nondiscrimination Act and other laws that protect health-related data, that doesn’t necessarily mean the data is protected in many contexts. There are gaps that have yet to be legally addressed. Meanwhile, employees increasingly share health information on digital health apps or online.

Also read: Fingerprint scanners risky amid coronavirus pandemic — it’s a touchy subject

A vast amount of employee data is not legally protected. As collectors of employee data, employers should be aware of the health data privacy landscape and the concerns employees may have.

“As much as it pains me to say, [data privacy] is probably nobody’s top priority,” said data privacy attorney Joseph Jerome. “It only becomes their priority when something goes wrong or they get concerned or they hear something in the news.”

Employers in the U.S. and internationally have increasingly more data privacy regulations to pay attention to — as laws like the General Data Protection Regulation in the European Union and the California Consumer Privacy Act and Illinois Biometric Privacy Act in the U.S. move the data privacy legal environment forward. In this constantly changing world, there’s information that can help organizations navigate this complicated intersection more intelligently. 

Also read: How much do you know about your health data privacy?

Privacy Law Limitations

There is a lack of understanding of what HIPAA protections apply where, when and to what data, Jerome said. At its core, HIPAA was enacted to facilitate the portability and interoperability of health care records, not for any greater data privacy reason. “We act like this is a health data privacy law, but no. It’s designed to govern data in hospital systems,” he said.

what is health data?Employers want to learn increasingly more data about their employees, he said. They have the opportunity to do so through commercial apps that capture wellness and fitness data. “These are things that people perceive as health data, but they’re not covered by HIPAA, and they were never designed to be covered by HIPAA,” he said.  

HIPAA — and therefore what data is considered health information — is limited to covered entities like hospital systems and doctors’ offices. For example, within a health system, a patient’s email address is considered health information under HIPAA, but outside the health system, an email address is not considered health information and does not get HIPAA protection.

HIPAA also doesn’t apply to anonymized data —  the data remaining after being stripped of personally identifiable information from data sets, so that the people whom the data describe remain anonymous.

Further, anonymous data is fair game, legally. “There is no regulation of ‘anonymized’ data. It can be sold to anyone and used for any purpose.The theory is that once the data has been scrubbed, it cannot be used to identify an individual and is therefore safe for sale, analysis and use,” noted “Re-Identification of ‘Anonymized’ Data,” a 2017 Georgetown Law Technology Review article.

A concern here is that anonymous data can be easily re-identified, and it’s tough to hold bad actors accountable for doing so, Jerome said. Further, it’s hard to do anything about it once the data is already identified and public information. Unfortunately, there are realistically not enough reinforcement resources, he added.  

“That’s a real problem right now, not just in health care or employment context, but you’ve got this giant ecosystem where a lot of companies are sharing information and they’re all saying they’re good actors, they’re all saying they’re not re-identifying information, they’re all saying they’re not even using personal information,” he said. “But there’s data leakage all over the place. People are recombining profiles, and it’s very hard to attribute where the information originally came from.”

According to the Georgetown Law Technology Review article, the re-identification of anonymous data can lead to sensitive or embarrassing health information being linked to one’s employer, spouse or community. “Without regulation of re-identified anonymized data, employers, neighbors, and blackmailers have an unprecedented window into an individual’s most private information,” the article said. One of the privacy concerns some people have about their health data is that it could eventually be used against them and that they could suffer real-world implications like the loss of job opportunities, the denial of insurance or higher premiums for insurance. 

Also read: Do Employers Have a Duty to Protect Employees’ Personal Information?

Wellness Program Gaps 

The idea behind employee wellness programs is supposed to be a win-win, said Anya Prince, associate professor of law and member of the University of Iowa Genetics Cluster. Employees get healthier, and employers get lower health care costs and a more productive workforce. 

But wellness programs are often not effective at changing employee health, she said. 

“If the premise is we’re doing this to benefit employees [but] there’s not actually evidence that it’s benefiting employees, the question then becomes why are [wellness programs] continuing to happen?” she said. “The evidence shows that what they’re doing is shifting health care costs back on to employees in various ways. That’s where the concern comes in.” 

Digital health apps on employees’ phones play a part in many workplace wellness programs. But even though third-party health apps are common on people’s phones, the privacy landscape behind these apps is murky at best. 

Prince cited Lori Andrews, professor of law at the University of Chicago and director of Illinois Tech’s Institute for Science, Law and Technology. Andrews has conducted work on the types of data that medical apps collect from users, including employees in workplace wellness programs.

“Some of the medical apps are just completely bogus and don’t give you anything helpful back,” Prince said about the general health data privacy environment. “But they are collecting data on you, not just health information but geolocation and other data that’s worth money.” 

health data privacy; privacy laws; data protectionAnother trend in wellness programs is employers offering employees consumer-directed genetic tests to help them understand what medical issues they may be predisposed to and what preventative measures they can take to combat them. According to the Society for Human Resource Management, 18 percent of employers provided a health-related genetic testing benefit in 2018, up from 12 percent in 2016.

Many studies have shown that people are not aware of  the Genetic Information Nondiscrimination Act or what privacy protections they have through the law, Prince said. “GINA is quite protective in employment in the sense that employers are not allowed to use genetic information to discriminate, so they can’t make hiring, firing, promotion, wage, any decisions based on genetic information,” she said, adding that genetic information includes family medical history, genetic test results and more.

Still, she said, there are some exceptions with GINA, including private employers with fewer than 15 employees and any employee in a voluntary wellness program. 

There is currently a legal debate on whether wellness programs are voluntary or if employees feel coerced to join them, Prince said. Some wellness programs are participatory —  meaning that employees don’t need to hit a certain health outcome target to earn the incentive — but others are health contingent. Employees need to lose some amount of weight or accomplish another target measurement to get the financial benefits of the wellness program.

These programs are more participatory currently, she said. But if programs that collect genetic information become  health contingent, that could bring up ethical issues and become more invasive. 

“If you think of [Breast Cancer gene] testing, which is a predisposition to breast and ovarian cancer, one of the preventive measures right now is to prophylactically remove your breast and ovaries. My dystopian future is the employer saying, ‘Have you finished having kids yet? Get on that, so that you can remove your ovaries,’” she said.  

This discussion begs the question of who is ultimately the best actor to push people toward better behaviors and health outcomes, she said. Society has to ask if employment is the best place to do this. 

“In a way the answer is yes because we’ve created a system where health insurance and employment are so intertwined, but maybe employment isn’t the right space to be encouraging people to make the right health choices,” she said. “Maybe that should be a public health system or your primary care physician or researchers.” 

The Pentagon has advised service members not to engage in 23andMe genetic tests, said Glenn Cohen, professor of law at Harvard Law School, and faculty director of the Petrie-Flom Center for Health Law Policy, Biotechnology and Bioethics. 

There’s a major national security reason for this, he said, but part of the reasoning also has to do with protecting service members’ privacy. The military is exempted from GINA, which is the law which prohibiting genetic discrimination by employers. 

Also read: The Ethics of Artificial Intelligence in the Workplace

Consent, Transparency and Communication 

Employers could communicate with employees better, Jerome said. Privacy is more than just legal compliance, which may include a disclaimer in the company handbook or on the employees’ computers that inform them “All this can be tracked and monitored.” This can help set up the expectation for employees that they should have no expectation of privacy in anything they do at work. 

While most employers have done their legal duty, they’ve yet to have a conversation with employees about what they’re actually doing with this data, Jerome said. 

Also read: Are You Part of the Cybersecurity Solution … Or Part of the Problem?

“I get that those conversations can be difficult and uncomfortable and frankly might get employees riled up, but I think that’s probably a good thing in the end,” he said. 

Employers — who sit on large troves of employee health data — may have the legal right to share data, but that doesn’t mean employees and other parties won’t criticize them, said Cohen. “They have to be worried a little bit about how it’s going to play as a PR matter and, in an industry where they’re competing for talent, how employees feel about [it],” he said. 

When Ascension Health partnered with Google for the “Project Nightingale” initiative late last year — allowing the tech company access to the detailed personal health information of millions of Americans — it received a lot of backlash. It could be dangerous for an organization like Google, which already has so much of people’s personal data, to get access to people’s health records as well, critics argued. Supporters said it was perfectly legal.

“My recommendation in general is even if you legally have the right to share the data, you may want to think about creating some internal governance mechanisms that have employees involved in trying to decide what gets shared or not,” Cohen said. 

Practically, this could mean that the organization charters a committee that includes employers, employees and subject matter experts who can explain both the uses and the risks of adopting a certain solution, he said.

This could be a valuable decision for employers because better decisions get made and it’s better for the employer’s reputation, he said. When people find out a company has sold its employees data, it could look bad if there hasn’t been employee input in the decision. 

For most organizations dealing with health data and other personal data, their reputation is based on how they treat that data, said Ed Oleksiak, senior vice president at insurance brokerage Holmes Murphy. A data breach or misuse of data would be bad press, so the company would be incentivized to protect that data and ensure it’s used properly

When there is a health data mishap, there are a couple ways that organizations can address that breach of trust, he said. Organizations can provide impacted employees some kind of identity theft protection that will help them mitigate any harm. Further, the company is required to address whatever has resulted in the breach and do whatever it can to make sure it can’t happen again in the future. 

“Whether it’s the employer’s health plan, a hospital system, or a technology provider, everybody’s reputation is contingent on successfully mitigating that,” Oleksiak said. “You just have to start over again, and try to fill that cup of trust back up.” 

Oleksiak also suggested that employers follow a key tenet of only getting and storing the minimum necessary data. Even though people involved with employee health plans most likely want to use patient data for the right reasons, people who can hack into these systems can access everything, including more unnecessary data. 

Ultimately, this is an issue of balance. According to the aforementioned Georgetown Law Technology Review “Re-Identification of ‘Anonymized’ Data,” “data utility and individual privacy are on opposite ends of the spectrum. The more scrubbed the data is, the less useful it is.” 

Still, there are positive things companies can do with this data, Oleksiak said. No matter what privacy rules and regulations are put in place, a bad actor is going to find a way to do something that’s for their own benefit.

“Hopefully we write rules that go after people that abused their position or access to data, but still allow everybody else that’s doing it for the right reasons to get the job done,” he said.

Posted on

Court Finds That the ADA Does Not Protect Employee’s Dormant Genetic Condition

Genomic Medicine EmployersSherryl Darby has the BRCA1 gene, otherwise known as the breast cancer gene, the best known gene associated with breast-cancer risk. Approximately two months after she started working as an administrative assistant at Childvine, an early childcare provider, Darby opted to have a double mastectomy to decrease her risk of developing breast cancer in the future. Two weeks later, Childvine fired her.

Despite the close-in-time link between Darby’s surgery and her termination, the district court dismissed her ADA lawsuit.

While “normal cell growth” is a major life activity the ADA protects, the court could not find that the BRCA1 gene is a physical impairment that substantially limits normal cell growth.

Although mindful that the ADA is to be broadly construed, the Court concludes that Plaintiff fails to state a claim upon which relief can be granted. Plaintiff has offered no statutory, regulatory, or caselaw support for her “legal conclusion couched as a factual allegation” that the BRCA1 gene, like cancer itself, is a physical impairment that substantially limits normal cell growth. And the Court’s own research has found none.

It is true that the Sixth Circuit has held that some conditions, even when dormant, may constitute a physical impairment.… But this is not a circumstance akin to remission of cancer. Rather, it is, presently, the absence of cancer.

The Court’s decision should not be read to trivialize Plaintiff’s legitimate fear of developing breast cancer or minimize the transformative measures she took to avoid it. It merely recognizes that this Court’s role is to interpret, not legislate. To expand the definition of physical impairment to include a condition that might lead to a disability in the future effectively puts every employee under ADAAA protection.

Whatever issues I have issues with this decision (and I have some big ones) could have been cured by pleading this case differently. I question why Darby pleaded her protected disability as an actual disability instead of a regarded as disability. I think she would have a had a much better chance at surviving dismissal if she framed her claim as one in which her employer terminated her based in its perception of her having a disability (which does not require any proof of any actual disability) instead of any actual disability itself.

Moreover, in many cases its largely irrelevant whether the ADA covers a dormant genetic disorder because another statute already does—GINA, the Genetic Information Nondiscrimination Act. GINA prevents employers from using genetic information in employment decisions. GINA likely wouldn’t have helped Sherryl Darby, because it does not appear the issue of her having the BRCA1 gene arose until her lawsuit (and long after her termination).

This case will be often be cited for the proposition that the law does not protect an employee’s dormant genetic condition. While that is true based on how Darby pleaded her claims in this case, employers should not treat Darby as a license to discriminate, as doing so will likely violate both the ADA and GINA in many cases.