Maintaining Confidentiality during Medical Leaves: FMLA and ADA Compliance

Jul 24, 2023 | Business Law

Maintaining Confidentiality during Medical Leaves: FMLA and ADA Compliance

In today’s post-pandemic world, employee leave is an issue at the forefront for large and small businesses alike. Whether an employee is on continuous or intermittent leave to care for themselves or a family member, the Family and Medical Leave Act (FMLA) and Americans with Disabilities Act (ADA) restrict sharing information about the employee or family member in essentially the same way.

These laws require that employee medical information remain confidential. A human resources department may share only some essential information with the employee’s manager relating to accommodations or duration of absence.

With both an aging workforce and illnesses like long COVID affecting the American population, employers should understand their FMLA and ADA confidentiality compliance obligations. By understanding how to best maintain employee medical confidentiality from the outset, employers can accommodate and potentially retain workers and avoid costly lawsuits.

What Are an Employer’s Obligations Under the Family and Medical Leave Act?

When considering FMLA confidentiality obligations, employers should first consider how the records are maintained (e.g., Are the records on paper? Are they on a computer drive? Who has access to the drive?).

Second, employers need to know who is affirmatively told about the employee’s condition. Employers should only share medical information when it is necessary to do so.  The FMLA regulations themselves are more general and provide only that records shall be maintained in conformance with the ADA confidentiality requirements. Exceptions to that general rule include:

  • Supervisors and managers may be informed about necessary restrictions on an employee’s work or duties and needed accommodations.
  • First aid and safety staff may be told, when appropriate if the employee’s physical or mental condition might require emergency medical treatment.
  • Government officials investigating compliance with the FMLA or other pertinent laws shall be provided with relevant information upon request.

The ADA regulations are nearly identical, and compliance with one typically means an employer is complying with both. When developing policies for FMLA and ADA compliance, employers should consider not only how information is shared but also how it is stored. We will discuss this more below. 

Are There Other Types of Leave Employers Should Be Aware Of?

Some states have their own laws concerning family and medical leave. New York, for example, has a Paid Family Leave program that applies to certain employers. Be sure to check with counsel to confirm whether you may have state-specific compliance obligations as well as federal.

How Can Employers Comply With Confidentiality Obligations?

The first way employers can comply with FMLA confidentiality obligations is by establishing clear, consistent FMLA policies. When employees and supervisors alike understand what the employer’s policies are for providing leave, documenting leave, and communicating information, internal “need-to-know” expectations are much more clear. 

Second, employers need to have a strong protocol for internal file maintenance. Carefully and quietly telling only required information to select supervisors is of little use if the entire company has access to an employee’s confidential file.

Third, understanding the kinds of leave an employee can request can help smooth the communication process and enhance confidentiality. Types of leave an employee can request include both continuous leave and intermittent leave.

Continuous leave is when an employee is out of the office for an uninterrupted period of time. Intermittent leave is where an employee may take a few days off—or even depart from the office early—intermittently. In each of these cases, management needs to communicate to the employee’s supervisor to achieve adequate cover for the employee’s job responsibilities and ensure that the employee, their manager, and their covering colleagues can be appropriately accommodated.

What Are the Consequences for a Breach of Confidentiality?

If an employer fails to secure employee medical information, they may find themselves in court. The FMLA and the ADA provide employees with the right to sue employers who fail to protect employees’ sensitive information.

A real-world example of this occurred in a 2003 case called Doe v. United States Postal Service. There, John Doe disclosed his HIV-positive status to support his need for FMLA leave.

The information was shared with his colleagues, and he was ridiculed and bullied. Doe sued, and while the district court agreed with the employer that Doe had no right to confidentiality, the appeals court reversed, stating that FMLA and the ADA do not force an employee to choose between seeking leave and their right to privacy.


When it comes to employee leave requests, confidentiality is key. Employers can expect to see more employee leave requests as their workforces age. By ensuring the confidentiality of your systems and your supervisors, both large and small employers will be prepared to keep employee medical information confidential.