Can My Employer Call My Doctor to Verify a Note?
Explore how employers can verify medical notes while balancing legal limits, employee privacy rights, and healthcare confidentiality rules.
Handing an employer a doctor’s note often raises the question: Can they call the doctor to check on it? This issue involves workplace rules, medical privacy laws, and the specific rights of both employees and employers. Understanding the limits on what an employer can ask is key to navigating medical absences appropriately.
Legal Rights for Employers to Confirm Medical Absences
Employers generally have the right to contact a doctor’s office to verify that a note you submitted is authentic. This allows them to manage employee absences and enforce attendance policies. The contact is typically narrow, aimed at confirming the note was issued by that provider for the specified dates.
Certain federal laws provide specific guidelines. The Family and Medical Leave Act (FMLA), for instance, allows employers to contact a healthcare provider for “authentication” (confirming the provider issued the form) and “clarification” (understanding illegible handwriting or the meaning of a response) regarding medical certification for FMLA leave. However, this contact can only occur after the employee has been given a chance to resolve any deficiencies in the paperwork.
Under the FMLA, the contact must be made by specific personnel like human resources staff or a leave administrator, not the employee’s direct supervisor.1Electronic Code of Federal Regulations. 29 CFR § 825.307 – Authentication and Clarification of Medical Certification The questions must be limited to confirming the note’s validity or clarifying information related to the FMLA request, such as dates of incapacity. Employers cannot request additional medical details beyond what the FMLA certification form requires during this process.2U.S. Department of Labor. Fact Sheet #28G: Medical Certification Under the FMLA
The Americans with Disabilities Act (ADA) also sets boundaries. While it strictly limits inquiries about disabilities, it permits employers to ask medical questions or require examinations if they are job-related and justified by business necessity.3U.S. Equal Employment Opportunity Commission. Enforcement Guidance: Disability-Related Inquiries and Medical Examinations of Employees Under the ADA This usually applies when an employer reasonably believes a medical condition affects job performance or safety. This principle reinforces that any employer inquiry into medical matters, including verifying a doctor’s note, must be narrowly focused and justified by a specific workplace need.
Privacy Protections and Boundaries on Information Sharing
While employers can verify a note’s authenticity, privacy laws strictly limit the medical information they can obtain. The inquiry should generally be restricted to confirming basic facts: Was the note issued by this office? Does it cover these specific dates? Are there work restrictions mentioned?
The ADA prohibits employers from making broad disability-related inquiries unless they are job-related and consistent with business necessity. Guidance from the Equal Employment Opportunity Commission (EEOC) clarifies that employers cannot request complete medical records, as these contain information irrelevant to verifying a specific absence or accommodation request. Any inquiry must be tailored to the immediate situation. Verifying a simple sick leave note should focus only on validating the note, not the underlying condition.
Specific details about your diagnosis, symptoms, or treatment plan are generally off-limits during verification. If an employer contacts the provider directly, the provider cannot share protected health information without the employee’s explicit authorization, according to the U.S. Department of Health and Human Services.4U.S. Department of Health & Human Services. Employers and Health Information in the Workplace The verification should confirm the documentation’s legitimacy, not probe into private health matters. Only the minimum necessary information should be shared.
Any medical information an employer does obtain must be kept confidential and stored separately from general personnel files.5U.S. Equal Employment Opportunity Commission. Q&A: Enforcement Guidance on Disability-Related Inquiries and Medical Examinations Under the ADA Access must be restricted to those with a legitimate need to know, such as HR managing the absence. This ongoing duty protects sensitive health information within the workplace.
Doctor’s Obligations Under HIPAA and Similar Laws
When an employer contacts a doctor’s office, the provider’s response is governed mainly by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. This federal law protects individuals’ medical records and other identifiable health information, known as Protected Health Information (PHI). Doctors’ offices are typically “covered entities” under HIPAA and must comply with its rules.
The core principle of the HIPAA Privacy Rule is that a provider cannot use or disclose PHI without the individual’s valid, written authorization, unless a specific exception applies.6U.S. Department of Health & Human Services. HIPAA Privacy Rule Disclosures for treatment or payment are generally allowed, but sharing information with an employer for verifying sick leave usually is not. According to federal guidance, a provider generally cannot disclose PHI to an employer contacting them directly without the patient’s prior consent.
This means the doctor’s office staff must avoid revealing any PHI during such calls. PHI includes diagnoses and treatment details, but also information confirming that an individual received services from that provider. Therefore, even confirming a note’s authenticity or dates of service could be an improper disclosure under HIPAA without patient authorization. While limited exceptions exist (like disclosures required by law for certain work-related illness reporting), verifying a standard doctor’s note typically doesn’t qualify. The doctor’s primary obligation under HIPAA is to protect patient privacy by refusing to share information unless the patient has given explicit permission.
When Written Consent Might Be Required
While employers can perform basic verification, obtaining more detailed medical information almost always requires your explicit written permission. This balances the employer’s need to manage absences with your right to privacy. If the employer’s questions go beyond confirming the note’s existence and dates, or clarifying information already provided (like under FMLA rules), your consent is necessary before the provider can legally share more.
Written consent is often needed when an employer seeks details about your underlying condition, prognosis, or treatment plan, or information needed to evaluate a request for a reasonable accommodation under the ADA. If an employer needs information to verify a disability or understand the need for accommodation, your written authorization is typically required before the doctor can disclose such details.7U.S. Equal Employment Opportunity Commission. Enforcement Guidance: Reasonable Accommodation and Undue Hardship Under the ADA
For consent to be valid under HIPAA, it must be in writing and meet specific criteria. A valid authorization needs to clearly describe the health information to be disclosed, name the provider authorized to disclose it, name the employer representative authorized to receive it, state the purpose of the disclosure, and include an expiration date. It must also have your signature and date, and inform you of your right to revoke the authorization and the potential for re-disclosure by the recipient.
If your employer needs information beyond the basic facts of the note—perhaps for managing extended leave or assessing fitness for duty—they will likely need you to sign a specific authorization form meeting these standards. Without this consent, your healthcare provider is generally obligated by privacy laws to refuse releasing detailed medical information directly to your employer.
Possible Outcomes if Verification Is Denied
If an employer’s attempt to verify a doctor’s note is denied, the outcome depends on the reason for the denial and company policy. If the provider refuses to share information due to privacy laws like HIPAA (beyond basic authentication without consent), the employer may have little choice but to accept the note if it appears authentic and meets company requirements for documenting absence.
However, if the note itself is questionable (e.g., lacks required details, appears altered) or doesn’t meet company policy standards, the inability to verify it could strengthen the employer’s decision to challenge the documentation. This might lead the employer to classify the absence as unexcused according to its internal rules.
An unexcused absence can lead to consequences based on the employer’s policies, such as denial of paid sick leave for those days. It could also result in disciplinary action, ranging from a warning to termination, depending on the policy and the employee’s history.
The context of federal leave laws is also important. If the absence was requested under the FMLA and the employer sought permissible clarification or authentication, a failure to resolve issues (perhaps because the employee didn’t provide necessary authorization) could lead to denial of FMLA protection for the leave.8U.S. Department of Labor. Employer’s Guide to the Family and Medical Leave Act This means the absence wouldn’t be job-protected under FMLA and could be subject to standard attendance rules.
Similarly, under the ADA, if verification relates to documenting a disability or the need for accommodation, an employee’s refusal to provide necessary information or authorize its release can impede the interactive process. If the need for accommodation cannot be substantiated, the employer may not be required to provide it. The employer’s response ultimately depends on the reason for the denial, the documentation provided, company policy, and laws like FMLA and ADA.
Options if an Employer Oversteps Legal Boundaries
If you believe your employer improperly accessed or sought your medical information when verifying a doctor’s note, several options exist. This could happen if they obtained details about your diagnosis without your written authorization, potentially violating privacy protections.
For potential ADA violations, such as overly broad medical inquiries not meeting the “job-related and consistent with business necessity” standard, you can file a charge with the U.S. Equal Employment Opportunity Commission (EEOC).9U.S. Equal Employment Opportunity Commission. Enforcement Guidance: Disability-Related Inquiries and Medical Examinations of Employees Under the ADA The EEOC investigates discrimination charges, including improper medical inquiries. Filing a charge is usually required before suing under the ADA, and strict deadlines apply (often 180 or 300 days).
If the issue involves FMLA leave and you believe your employer violated rules about contacting providers (e.g., your supervisor called, or they sought information beyond permitted authentication/clarification), you can file a complaint with the U.S. Department of Labor’s Wage and Hour Division (WHD).10U.S. Department of Labor. Employer’s Guide to the Family and Medical Leave Act The WHD investigates FMLA complaints and can seek remedies for employees.
Reviewing your employer’s internal policies is also advisable. Many companies have grievance procedures in employee handbooks or union contracts. Using these internal channels might offer a quicker resolution. Regardless of the path chosen, documenting the situation—dates, names, questions asked, responses—is crucial for any formal complaint or internal grievance. Pursuing internal options usually doesn’t prevent you from later contacting government agencies if the issue isn’t resolved, provided you meet filing deadlines.
