top of page

Federal & Public Sector Employee Services

EEOC | MSPB | FLRA | Arbitration | FERS Disability | FERS Retirement | Terminations | Complaint & Appeal Filing | Administrative Investigations | Performance Issues | Grievances | Discovery Assistance | Case Analysis & Review | Document Review | Motions Practice

WE ARE THE ONLY EXPERTS AVAILABLE TO CLIENTS 24/7

  • Reddit
  • X
  • Facebook
  • LinkedIn
Search

Federal Workplace PHI Violations: Your Rights and Recourse in EEO and MSPB Appeals

  • Writer: InformedFED Chief
    InformedFED Chief
  • Aug 1, 2021
  • 4 min read

Updated: 19 hours ago



PHI Violation s in Federal Workspace

The management of Protected Health Information (PHI), or medical information, in the federal workplace is a high-stakes issue that often presents significant risk for agencies. With an aging workforce and increased use of FMLA, Reasonable Accommodation, and sick leave, the sheer volume of medical data flowing through federal offices is immense. Unfortunately, violations in safeguarding this sensitive data are, in our experience, alarmingly common.

Managers routinely mishandle PHI—from leaving medical documents on a desk in plain view to openly discussing an employee's medical diagnosis with staff who have no legitimate need to know.


The Legal Framework Protecting Your PHI


Several key laws mandate the strict confidentiality and proper handling of employee medical information in the federal sector:

  • The Rehabilitation Act / Americans with Disabilities Act (ADA): These acts require federal employers to maintain information regarding an employee's medical condition or history in separate medical files and to treat such information as strictly confidential. This separate-file rule is a cornerstone of confidentiality.

    See also 29 CFR 1630.14 (b)(1), (c)(1), and (d)(1).

  • The Privacy Act: This law generally prohibits federal agencies from disclosing records contained in a "system of records" to any person or agency, except pursuant to a written request by the individual to whom the record pertains, or pursuant to a specific exception.

    See 5 USC Section 552a(b).


It's critical to understand that these confidentiality requirements apply to any medical information submitted by any applicant or employee—not just those with a disability.


When Your Agency Can Request Medical Information


Federal agencies do have the authority to request and handle employee medical information in connection with employment matters, such as:

  • When the request is job-related and consistent with business necessity (e.g., connected to a disability that affects job performance).

  • In situations where an employee exhibits "unusual behavior" or the agency has a reasonable belief that the worker poses a direct threat due to a medical condition or is unable to perform the essential functions of their position.


However, regardless of the reason the information is submitted—whether voluntarily or requested—the employee has the right to expect that this sensitive information will be protected in accordance with the law and basic common sense. This applies to information submitted for FMLA, sick leave, fitness for duty exams, Reasonable Accommodation requests, and more.


Unauthorized PHI Disclosure is an Actionable Violation


Any violation of confidentiality concerning Protected Health Information (PHI) is a serious, actionable offense. Managers and agencies should not take these violations lightly.

Crucially, a violation does not have to be discriminatory in nature to stand as an independent claim. It is often referred to as a per se violation of the Rehabilitation Act. In plain terms, even if all other EEO claims fail, the improper handling of medical information remains a violation.


Examples of Actionable Violations Include:

  • Disclosure to unauthorized persons who have no 'need to know'.

  • Leaving confidential medical information unattended on an office desk.

  • Sending the information to the wrong person via email or mail.

  • Disclosing the information off duty to non-agency employees.

  • Losing the medical records.

  • Not maintaining the information in a separate medical file, apart from general personnel or disciplinary records (e.g., placing it in a "six-part folder").

  • Giving an employee's medical file to a gaining supervisor without proper justification and limitations.


Using PHI Violations in Administrative Proceedings


The unauthorized disclosure or improper maintenance of PHI can be a powerful claim in federal administrative proceedings, specifically in EEO complaints and MSPB appeals:


In Federal EEO Complaints


In the Equal Employment Opportunity (EEO) process, a PHI violation typically constitutes a distinct claim under the Rehabilitation Act.

  • Standalone Claim: Employees can file an EEO complaint alleging a violation of confidentiality, independent of any underlying claim of disability discrimination. The EEOC has consistently affirmed that improper disclosure of confidential medical information is a per se violation of the Rehabilitation Act.

  • Damages: Successful claims can result in awards ranging from minimal to significant damages.


In MSPB Appeals


In Merit Systems Protection Board (MSPB) appeals, a claim of improper disclosure or maintenance of PHI can be raised in several ways:

  • Prohibited Personnel Practice (PPP): The unauthorized disclosure of an employee's medical record could potentially constitute a Prohibited Personnel Practice (PPP), particularly if the disclosure is linked to a retaliatory action or otherwise violates the merit system principles.

  • Affirmative Defense: In a "mixed case" appeal (one that involves a serious adverse action appealable to the MSPB, such as a removal, that also raises a discrimination claim), the PHI violation can be raised as an affirmative defense under the discrimination component (Rehabilitation Act claim).

  • Relevance to Underlying Action: PHI may become relevant when an agency attempts to justify an adverse action (like termination or suspension) based on an employee's medical condition, FMLA use, or inability to perform duties. If the agency has mishandled or improperly used the employee's medical information during the decision-making process, it can weaken the agency's entire case.


Conclusion


In any administrative proceeding, your right to expect the confidentiality of your health information remains a critical protection. Federal employees should be vigilant and prepared to take action if their medical information is compromised.


If you are a federal employee who believes your Protected Health Information (PHI) has been improperly disclosed or mishandled, understanding your rights and the appropriate administrative avenue—whether an EEO complaint or an MSPB appeal—is essential. Request a free consultation by clicking here.

Recent Posts

See All
bottom of page