Recently, Tim Armstrong, CEO of AOL publicly revealed sensitive health information on two of AOL’s employees. He was using the example in a justification for changing AOL’s 401(k) plan for employees. After setting the Twitter universe on fire, Armstrong apologized and reversed the change in the 401(k) plan. AOL won’t say how it got the information but observers assume it came from the group health plan which administers AOL’s self-insured health care benefits. If so, the disclosure may violate the plan’s procedures. It is not clear that the specific employees have any recourse.
It is worth noting that the federal Health Insurance Portability and Accountability Act (HIPAA) does not cover information asked by employers and provided by employees, such as the ubiquitous Health Risk Assessments. HIPAA only covers disclosure of health information by health care personnel, according the Department of Health and Human Service’s website.