Do Google Searches and Friend Requests on Employees and Applicants Violate the Law? Final Regulations for Genetic Information Nondiscrimination Act Pose New Compliance Issues for Employers

by Abbey Moland

Moland, Abigail
(402) 341-3070

On November 9, 2010, the Equal Employment Opportunity Commission (EEOC) issued final regulations regarding the nondiscrimination requirements of the Genetic Information Nondiscrimination Act (GINA). Title II of GINA prohibits using genetic information as a basis for employment decisions, restricts acquisition of genetic information by employers and limits disclosure of employee genetic information.  While not every acquisition of genetic information violates GINA, the final rule makes it clear that Title II of GINA does restrict requesting, requiring or purchasing genetic information.

Some of the more common situations which arise in the employment setting are addressed below.

  • Social Media.  In general, employers that obtain genetic information inadvertently through the use of social media probably do not violate GINA. Some examples of inadvertent acquisition of genetic information would include: (1) learning protected information about an employee or applicant by doing a simple Google search of their name; or (2)  learning genetic information from an employee’s social media site if the employee has given the employer permission to access their information on that site (i.e., they have accepted the employer as a Facebook friend or LinkedIn contact).  The final rules make clear, however, that performing a search or asking questions on a social media site that are “likely to result in uncovering genetic info” would violate GINA.
  • Employer-Sponsored Wellness Programs.  The regulations clarify how GINA applies to voluntary wellness programs and the health risk assessments that are used in conjunction with such programs. In general, employers may not offer a financial inducement for employees to provide genetic information. However, employer’s may offer financial inducements for employees to complete a health risk assessment that includes questions about family medical history or other genetic information if: (1) the assessment specifically identifies which questions request genetic information; and (2) the employer makes clear, in language that is reasonably likely to be understood by those completing the health risk assessment, that the questions are optional and the financial reward will be provided to employees regardless of whether or not they complete that portion of the assessment.
  • Employment-Related Requests for Medical Information.  The regulations also provide specific language that employers can use in medical inquiry forms, such as pre- and post-offer medical exams and fitness-for-duty exams. By using this “safe harbor” language, employers can avoid liability under GINA should they receive protected genetic information in response to those inquiries. When a covered entity warns anyone from whom it requests health-related information not to provide genetic information, the employer may take advantage of a specified “safe harbor” exception if it receives such genetic information. If a medical provider discloses genetic information to the employer in spite of that warning, the disclosure will be deemed inadvertent and not in violation of GINA.
  • Family Medical and Leave Act.  The final regulations continue to recognize an exception for information requested pursuant to the Family and Medical Leave Act (FMLA). Typically, individuals requesting leave to care for a seriously ill family member under FMLA or similar state or local law will be required to provide family medical history (for example, when completing the certification form required by the FMLA).  A covered entity that receives family medical history under these circumstances would not violate GINA.  It is important to note that family medical history received from individuals requesting leave pursuant to the FMLA, similar state or local laws, or company policies, is still subject to GINA’s confidentiality requirements and must be placed in a separate medical file and treated as a confidential medical record.

In light of these final regulations, employers should seek to evaluate internal EEO policies and controls to protect against the improper request for and receipt of genetic information. Employer’s may also want to consider preparing “safe harbor” notices to be included in otherwise lawful requests for medical information.

Share Button