Official website of the Department of Homeland Security

How should a manager treat medical information in order to avoid a violation of the Rehab Act?

  • Keep medical information in separate files marked “Confidential.” If the medical information is part of a larger issue, for example, a disciplinary decision, keep the medical information in a folder separate from the rest of the documentation and mark it “Confidential.”
  • Use password protection when transmitting medical information by email, whether internally or externally.
  • Guard against inadvertent disclosure.
  • If you are working on an employee’s application for family and medical leave, cover any medical information when others come into your office.
  • If you are talking to an employee about his or her medical information, do so out of the hearing of others.
  • If you have a file containing medical information on your desk when you leave your office, however briefly, return the file to a locked cabinet or close or lock your door.