DOT Drug Testing and HIPAA

23 Jun 2016

Today the Department of Transportation (DOT) transmitted an email to all subscribers on their List Serve to explain the stance of DOT on Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicability to the regulated testing programs for DOT and the US Coast Guard. To review DOT stance on HIPAA and the DOT drug and alcohol testing program - Click Here.

The question that was asked was: “Are employers and their service agents in the Department of Transportation (DOT) drug and alcohol testing program required to obtain employee written authorizations in order to disclose drug and alcohol testing information?”

The short answer is no, a signed release from the employee is not required for the release of protected health information.

The next question should be “why not”?

The notice published by DOT, Omnibus Transportation Employees Testing Act of 1991 is primarily the rationale of why but there are additional reasons for the response of why not.

Briefly the legislative and regulatory history of HIPAA is outlined.  HIPAA, Public Law 104-191, was enacted on August 21, 1996.  The Secretary of Department of Health and Human Services was tasked with the implementation of HIPAA. The regulations that govern HIPAA can be found at 45 Code of Federal Regulations (CFR) Part 160 and part 164 Subparts A and E.

While it was passed in 1996, the first regulations were not published as a proposed rule until November 1999. Over 52,000 comments were received with the Final Regulation (AKA) the Privacy Rule, being published late December 2000.

However, that was not the end of the HIPAA rulemaking process as in March 2002, The Department of Health and Human Services (DHHS) released for public comment modifications to the Privacy Rule which in turn elicited over 11,000 comments.  This modification was published in final form on August 14, 2002.

HIPAA, as an administrative procedure, required DHHS publicize standards for the electronic exchange, privacy and security of health information. HIPAA also required the Secretary of DHHS to issue privacy regulations governing individually identifiable health information. HIPAA informed employers that employee medical records were protected as confidential medical information and does include regulations to govern measures that employers must take to protect employees’ medical privacy rights and the privacy of their health information.  In addition, HIPAA also governs the exchange of medical information between parties.

How does this apply to Federally regulated drug and alcohol testing that should be asked by employers, employees and Service agents.

With all the above being taken into account, HIPAA does NOT apply to Federally regulated drug and alcohol tests.  HIPAA applies only to clinical medicine when a diagnosis is being sought through a vast array of medical procedures utilized to establish a diagnosis for a given medical condition and where a medical professional is involved in making that diagnosis.  However, in accordance with 49 CFR part 40, subpart P (Confidentiality and Release of Information), drug and alcohol test results are to be kept confidential and not released except to the tested individual.

A Federally required drug and or alcohol test does not establish a diagnosis but rather determines the fitness of an individual to perform safety sensitive functions.  There is no clinical diagnosis being made, just a determination of fitness to work.

Furthermore, HHS agreed that there is no conflict between the HIPAA rules and DOT requirements, and indicated so in the preamble to Part 164 [65 Federal Register 82593-94; December 28, 2000].

A workplace drug test is not ordered by a medical professional but is done as part of a company’s policy to achieve a drug-free workplace.  That alone takes it out of the realm of clinical medicine.

A workplace drug test is forensic medicine and not clinical medicine as the test are done to meet forensic standards and not to establish a diagnosis.