Do Employers Have to Keep a Separate Medical File?

Generally, one person in the HR department has access to medical records.
i James Woodson/Digital Vision/Getty Images

Human resources staff are trusted to maintain an enormous amount of personal information about employees. Record-keeping practices for many employment records are mandated by federal laws, such as those enforced by the U.S. Department of Labor, Wage and Hour Division and the U.S. Equal Employment Opportunity Commission. But records that concern your medical status are absolutely private and should always be maintained separately from your employment records.

Employee Files

    Employee files contain personal information about workers, including Social Security numbers, emergency contact names, salary and wage data, work authorization documents and records concerning disciplinary action and job performance. In most cases, HR staff members routinely access employee files for department activities. HR staff maintain employee files according to best practices and federal and state record-keeping guidelines. For example, wage records are subject to Fair Labor Standards Act record-keeping requirements.

Medical Information

    In addition to employment information, such as performance appraisals and attendance records, HR departments maintain health- and medical-related information on some employees. Employees with workers' compensation claims or employees who have been off work for medical leaves of absence have information that should be maintained in a separate file. HR staff may not have medical files for every employee, only employees who have a reason to submit medical information for the employer's records. In all cases, however, your employer must keep your medical information separate from standard employment information.


    The U.S. Equal Employment Opportunity Commission enforces the Americans with Disabilities Act of 1990 and its 2009 amendments. The ADA prohibits discrimination against employees who have a disability or employees who are regarded as having a disability. If you ever have to request an accommodation for a disability, it's likely that you provided medical information to your employer. These records must be maintained in a separate file because open access to the information could violate the confidentiality provisions of the ADA.


    A common misconception is that all employers are required to maintain separate medical files based on the guidelines set forth in the Health Information Portability and Accountability Act, or HIPAA. Some employers are, indeed, required to maintain the confidentiality of employees' health information according to HIPAA regulations, but that applies only to employers who cover employees under a group health insurance plan and employers who are self-insured.


    If you've ever applied for time off from work under the Family and Medical Leave Act, chances are that you've provided your employer with information about your medical condition. Documentation required for employers to approve FMLA absences includes certifying information from your doctor, which includes diagnosis, treatment plan and prognosis. All of this information must be maintained in a separate medical file and should only be accessible to the FMLA coordinator for your office.


    In a fully staffed HR department, there's usually a benefits administrator or benefits specialist who handles employee issues related to ADA, FMLA, health coverage and, in many cases, workers' compensation claims. Although most employees in the HR department have access to your employment files, only one HR staffer may have access to your medical information. Limiting access to employees' medical records helps ensure your privacy and assures that your personal medical information won't get in the hands of staff who don't have a need to know.

the nest