Employee sues health care provider for unauthorized disclosure in FMLA certification

Employer enforced zero-tolerance drug policy upon discovery of medical marijuana use

Posted December 9, 2016

As if administering time off under the Family and Medical Leave Act (FMLA) isn’t challenging enough on its own, one company is tangentially involved in a lawsuit that encompasses privacy provisions under the Health Insurance Portability and Accountability Act (HIPAA) and medical marijuana use in relation to an employee’s FMLA leave.

In the case, from a federal district court in Michigan where medical marijuana use is legal, an employee requested FMLA leave for her own serious health condition — a neck injury — and her employer required a certification to support the taking of the leave. What the employee did not expect, was that the certification, which was provided directly to the employer, indicated that she used medical marijuana about five times per week. The marijuana use, however, was unrelated to the condition for which she sought FMLA leave. The employee also claimed that she rarely used the drug, which was prescribed by another physician.

The employee asked her health care provider to correct the certification. The health care provider did not.

Upon learning of the drug use, the employer offered her a severance package in conjunction with her resignation in lieu of being terminated under the company substance abuse policy. Believing she would be subjected to termination, the employee accepted the severance package.

Then she sued her health care provider, claiming it disclosed protected health information in a manner that violated the HIPAA privacy rules.

The case is still pending.

Employers are entitled to request a certification from employees when they request FMLA leave for reasons such as their own serious health conditions. Employers generally do not have control over what information health care providers include in such certifications. Even if a warning under the Genetic Information Nondiscrimination Act (GINA) is included with an FMLA certification, a health care provider could inadvertently include extra information.

Under the FMLA, an employee may provide his or her health care provider with authorization to disclose protected health information directly to the employer, but is not required to do so. Employers may not mandate that employees provide such authorization to their health care providers. Employees always have the right to obtain a certification from the health care provider, and then give it to the employer.

The state marijuana laws generally do not prohibit an employer from enforcing zero-tolerance workplace drug policies. Therefore, the employer in this case, having information that the employee was using a drug, applied its policy. The Michigan law does not generally protect employees who use or are under the influence at work.

The outcome of this case could prove interesting, even if the employer isn’t called out as a defendant, it was a player in the outcome of the employee’s situation.

Lisa Richlich v. Spectrum Health Systems Inc., U.S. District Court, W.D. of MI, No. 1:16-cv-1262

HIPAA Compliance Manual: For EmployersJ. J. Keller's HIPAA Essentials Manual helps you make sense of your organization's role and responsibilities under HIPAA - the Health Insurance Portability and Accountability Act of 1996.


J. J. Keller's FREE HRClicks™ email newsletter brings quick-read human resources-related news right to your email inbox.

Sign up to receive HRClicks™.