As states begin to lift COVID-19 lock downs, companies are scrambling to navigate post pandemic operations, seeking effective ways to safely re-open their doors to employees and customers. To mitigate the risk of spreading the Coronavirus posed by potentially infected persons, technologies like infrared thermal detection systems (ITDS) are increasingly being deployed for large scale fever detection. The ITDS employs a thermal imaging camera to measure skin temperature by detecting and quantifying the infrared energy being emitted from the face. Because fever is a common indicator of many infectious diseases, rapid identification and intervention is a key component of the screening efforts companies are adopting to stop the spread.
With an incubation period of up to 14 days, we may begin to see fever detection systems popping up in multiple access points during travel and the course of everyday activities. For example, you may not have a fever when you enter a hotel property, but it could manifest during your stay; consequently, you might be subject to fever detection throughout your stay from entry into the building, pool area, spa, as well as onsite stores and restaurants.
Although interested in products that can assist in reopening safely, some companies are worried about the liability of violating HIPPA privacy and other civil rights when taking people’s temperature. The CDC states that “screening employees is an optional strategy that employers may use” to reduce the spread of COVID-19, and they offer recommendations on how to safely take an employee’s temperature with a traditional, disposable, or non-contact thermometer. They also recommend that if “employees appear to have COVID-19 symptoms, such as fever, cough, or shortness of breath, upon arrival to work or become sick during the day with COVID-19 symptoms, [they] should immediately be separated from other employees, customers, and visitors and sent home.
Sending people packing raises questions around the legality or ethics of post-fever detection protocols, as customers will likely also be asked to vacate the premises if an ITDS flags them as having a fever that is later verified by a manual reading.
“If I have to [ask people to leave], I want to make sure that I can legally do so and that I’m not exposing my staff or my company to additional liability,” said one business owner.
The Good News – You are likely not violating HIPPA or Civil Rights Laws if You Use Fever Detection Systems to Protect Your Employees and Patrons.
If you are a private business, you are likely not violating HIPPA privacy or civil laws when taking temperatures at your business and subsequently asking those with positive results to leave. According to the U.S Department of Health and Human Services, ITDS systems used by non- entities do not violate HIPAA laws.
What is HIPPA?
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) imposes restrictions on disclosures of protected health information only on a covered entity’s or business associate’s workforce.
HIPAA Applies Only to Covered Entities and Business Associates
Covered entities are health plans, health care clearinghouses, and those health care providers that conduct one or more covered health care transactions electronically, such as transmitting health care claims to a health plan. Business associates generally are persons or entities (other than members of the workforce of a covered entity) that perform functions or activities on behalf of, or provide certain services to, a covered entity that involve creating, receiving, maintaining, or transmitting protected health information. Business associates also include subcontractors that create, receive, maintain, or transmit protected health information on behalf of another business associate.
The Privacy Rule does not apply to disclosures made by entities or other persons who are not covered entities or business associates (although such persons or entities are free to follow the standards on a voluntary basis if desired).
Accordingly, HIPAA’s Privacy Rule does not apply to the collection, use, or disclosures of individually identifiable health information made by an employing entity in the context of worksite COVID-19 screening activities. (Baker McKenzie)
What if an employee or customer detects a fever, can I legally send them home or ask them to leave the premises?
The quick answer: Yes, you can. The long answer is: Yes, but be cautious.
It’s not only well within your rights, but you’re morally obligated to create and maintain a safe and healthy workplace.
According to OSHA [the federal Occupational Safety and Health Administration] and other state workers' compensation acts, an employer is required to provide a safe workplace for its employees.
These laws and guiding principles do not mean that you have to send a sick employee home, or that sending them home will result in violating OSHA guidelines. In regards to public safety, it should be a priority business to be watchful of potential threats to their employees and patrons and take necessary precautions to protect them.
Civil Rights Act and Americans with Disability Act
Regarding civil liberties, the Civil Rights Act prohibits businesses from denying goods or services based on race, color, religion, or national origin. Consequently, if anyone, regardless of those attributes, poses a threat to the health and safety of others within the purview or your business, you are well within your rights to request that they vacate the premises if a fever is confirmed. Likewise, the Americans with Disability Act does not apply when requiring that an employee or customer with disabilities vacate the building if they are determined to be a public health risk. In both cases, your reasoning must be a result of the workplace screenings to avoid the spread of COVID-19 and other illnesses for the purpose of protecting your workforce or customer base.
Here are some critical regulations to keep in mind when considering fever detection on your premises with subsequent vacate requests (according to global law firm, Backer McKensie):
Title II of the Americans with Disabilities Act (ADA) (42 USC § 12101 et seq.) establishes the basic rule is that, with limited exceptions, employers must keep confidential any medical information they learn about an applicant or employee (42 USC § 12112(d)(3)(B)).
Information could be confidential, even if it contains no medical diagnosis or treatment course, and even if it is not generated by a health care professional.
ADA also restricts an employer from requiring a medical examination, or making certain disability inquiries of employee, unless that examination or inquiry is shown to be job-related and consistent with business necessity.
Employers may, however, perform voluntary medical examinations as part of a worksite employee health program, and inquire about the ability of an employee to perform job-related functions.
We recommend that you consult with your legal counsel before enacting human resource policies that include fever detection systems as a “virus mitigation” strategy. It’s important to be clear with your employees on how the technology will be used and what the ramifications will be if they present with a fever as well as how they will be supported.
See the Baker McKenzie Privacy Guide for more information on how employers can deal with COIVD-19.