Employees may be eligible to receive monetary damages for disclosure of private medical information. The Rehabilitation Act (Rehab Act) requires federal managers to place employee medical information on separate forms and in separate medical files, to treat those files as “confidential medical records,” and to keep all employee medical information confidential. Such medical information may not be disclosed unless permitted by a particular exception in the Rehab Act.
Any violation of this provision is by itself a violation of the Rehab Act and entitles the employee to damages---even if the employee suffers no harm. Because the Rehab Act protects access to medical information, it is a per se violation of the Rehab Act to provide unauthorized access to an employee’s medical information---even if no one actually sees the information. The amount of damages awarded is likely to depend on how the disclosure occurred (was it inadvertent or intentional) and whether the disclosure caused any harm.