Help me sort out my conflicting thoughts about this vaccination issue
May 20, 2014 1:55 PM   Subscribe

My workplace offers free flu vaccinations and is aiming for a certain percentage of staff to be vaccinated this year. I had mine; I'm all for vaccinations, think anti-vaxxers are dangerous, would definitely vaccinate my hypothetical kids, might even discourage them from playing with unvaccinated kids; everything is fine. The staff clinic have sent memos to department heads with a list of staff who have not been vaccinated through the clinic, with instructions to mark who has received the flu vaccination elsewhere, who is planning to get it, and who does not want it at all. My manager has put this list up on the noticeboard for those on the list to come and check off their own names (I presume it is easier than for him to track down every staff member directly). I want to ask him to take this list down.

I don't know why, but it makes me feel very uncomfortable to have what I think is personal health information out in the open. However, in my own head I can make strong arguments against this: my name is not even on the list! I readily volunteer my immunisation status in casual conversations with colleagues - it's not a secret! A minimum percentage of vaccinated staff is important for herd immunity! It's not like a list of who has had, say, pap smears or something - unvaccinated people can affect us all!

I also feel that the staff clinic should be contacting unvaccinated staff directly, like they do regarding our vaccinations for blood-borne illnesses. My manager should not need to know who has had this optional vaccination. What if they were to deny paid sick leave to an unvaccinated person who got sick? ( Obviously this is illegal, but theoretically possible in the future).

I guess I am having trouble reconciling my strong pro-vaccination outlook with my confused feelings about this little issue and would appreciate your perspective. Should I ask my manager to take this list down?
posted by Naanwhal to Health & Fitness (29 answers total) 1 user marked this as a favorite
"Boss, I feel like having this list posted violates our employees' privacy. It's a small violation, but it's a violation nonetheless. I think that the clinic should be doing this directly, just like they would about the other vaccinations."

If he does, then great. If not, think about whether you want to escalate it to HR.
posted by Etrigan at 1:59 PM on May 20, 2014 [22 favorites]

I'm totally with you on this one, I think it's inappropriate.
posted by Dansaman at 2:01 PM on May 20, 2014 [2 favorites]

Have any on the people who don't want the vaccinations gone to the manager? Maybe they've already expressed their opinions. Maybe they don't care. Have you asked any of them? I'm not comfortable with people who are outraged/distressed on my behalf, esp. over an issue that affects me and not them.
posted by Ideefixe at 2:03 PM on May 20, 2014 [2 favorites]

I'm very pro-vaccine, but it's a violation of people's medical privacy. I don't think you really need to say anything more than that, but I can think of some possible complications. I don't think there are very many contraindications for a flu vaccine, but there are a few, and it's not fair to employees to put them in a position where they might feel they had to reveal those medical issues to their boss or coworkers. Same with religious objections: if people's religious or other beliefs prevent them from get vaccinated, then that's between them and HR and is not something they should be interrogated about by random co-workers in the breakroom.
posted by ArbitraryAndCapricious at 2:03 PM on May 20, 2014 [5 favorites]

A name connected to a status is HIPPA protected health information. (assuming you're in the US)

Probably it was a violation for that clinic to even email that to your boss.
posted by fontophilic at 2:04 PM on May 20, 2014 [31 favorites]

I feel that stuff like this is the thin end of the wedge, and I push back whenever I encounter it at work. Sure, this is just a very little thing - but when everyone gets used to the idea that "innocuous" medical information should be totally public, what is the next step? Employee medical history should not be out in the open, no matter how trivial the specifics.

I think you should use Etrigan's formulation, possibly prefacing it with "you know I'm extremely pro-vaccination, but I'm a little worried about posting this list because...."
posted by Frowner at 2:04 PM on May 20, 2014 [4 favorites]

Plenty of pro-vaccine people choose not to get the flu vaccine for various health reasons (prior reaction, pregnancy, etc). They may not want to disclose to their coworkers the reason they are unvaccinated.
posted by melissasaurus at 2:04 PM on May 20, 2014 [12 favorites]

I'd just mention that you think it's a potential HIPAA violation. Who knows if it actually is or not; HIPAA is like a million pages long and has so many exceptions and various rules and exceptions to exceptions that you'd need a lawyer to figure out if it is or not.

Saying "this makes me uncomfortable" makes the problem all about you. Saying "I think this could increase our liability" makes it about the business, and you're just being a dutiful employee in pointing it out.
posted by Kadin2048 at 2:05 PM on May 20, 2014 [11 favorites]

I'm not sure that this is in the US, so HIPAA wouldn't necessarily be relevant here. I think it's more likely to be flu vaccine season in the Southern hemisphere, right?
posted by ArbitraryAndCapricious at 2:05 PM on May 20, 2014 [2 favorites]

Are you in the US? If so, the staff clinic may be in violation of HIPAA. What sort of treatment you've received, preventative included, falls under protected medical information. The clinic distributing this information to managers is highly inappropriate. Your manager putting it up in a public area is even more inappropriate.
posted by quince at 2:05 PM on May 20, 2014

If you're in the US, this sounds like it could be a huge HIPPA violation, yes.
posted by rtha at 2:07 PM on May 20, 2014 [1 favorite]

I'd just mention that you think it's a potential HIPAA violation. Who knows if it actually is or not; HIPAA is like a million pages long and has so many exceptions and various rules and exceptions to exceptions that you'd need a lawyer to figure out if it is or not.

The good thing about this strategy (that I had to use a number of times at a previous job) is that people in charge tend to quickly get CYA over this, rather than actually go to the lawyer and really hash out whether their bulletin board is a HIPAA violation.
posted by griphus at 2:08 PM on May 20, 2014 [1 favorite]

I take all vaccines except the flu vaccine, and my doctor agrees that's the right medical decision for me. I would find it disturbing if my "staff clinic" (what's that, exactly?) shared that medical history with my manager, who then posted it on a board. This is just too far from what should be allowed in the workplace. How much of your personal life is an employer entitled to? I think this is goes too far.
posted by Houstonian at 2:11 PM on May 20, 2014 [3 favorites]

Regardless of whether one is pro- or anti- flu vaccine:

This sounds like a violation of health privacy laws (HIPPA, as previously mentioned). In fact, your boss should not even HAVE this information about his or her subordinates, and the clinic violated privacy by e-mailing it to him.

I'd approach him first, then escalate it to HR if nothing is done about it.
posted by tckma at 2:12 PM on May 20, 2014

Further, unless you work in the health care field, and there are reasons to mandate the flu vaccine in your work environment, your employer clinic has no right to push flu vaccines on employees. Employees should not have to share whether or not they got the flu shot at another location, either.

Your employer is not (in most cases) your mom, nor your doctor. So they have no right to tell you what medical care to get, or not.
posted by tckma at 2:15 PM on May 20, 2014 [2 favorites]

I hate to parrot the party line, but if you want to see it gone, I would visit a lawyer who specializes in HIPAA. Alternately, seek one who is willing to say they're familiar with HIPPA.
posted by ftm at 2:18 PM on May 20, 2014

"I worry this exposes us to potential legal liability."

10 magic words anywhere big enough to have an HR dept.

(There's a big leap between "Everyone who can medically do so should be vaccinated..." and " we should make that info public.")
posted by PMdixon at 2:23 PM on May 20, 2014 [7 favorites]

my name is not even on the list
This is still about you. Your name being absent means that you have had a vaccine. That is a violation of your privacy, whether you'd volunteer the info or not. I agree that this is highly invasive and would feel just as uncomfortable in the same situation.

the staff clinic should be contacting unvaccinated staff directly, like they do regarding our vaccinations for blood-borne illnesses Right, they have a business reason for having your health info. Your boss does not.
posted by soelo at 2:28 PM on May 20, 2014 [2 favorites]

To confirm - I'm not in the US, although I imagine we have some equivalent privacy laws. Yes, I work in the health care field, but our department has no direct contact with patients/flu-vulnerable people. (We do have other mandatory vaccinations due to the nature of our work.)
posted by Naanwhal at 2:28 PM on May 20, 2014 [2 favorites]

I'd just say, "In the interest of everyone's privacy, I think it would be a good idea to let people decide for themselves about vaccination and having this list up robs everyone of their privacy."

There are some people who can't have the vaccination, for whatever reason, and frankly, they shouldn't have to explain to anyone why they're not getting it.

You're 100% right.
posted by Ruthless Bunny at 2:32 PM on May 20, 2014 [1 favorite]

"Hey, Boss! I know it's time consuming to track down everyone who didn't get a flu shot and see whether they still want one or what. How about I take care of it?"

Take the list down and make the rounds yourself. Frame it as, "So did you get a flu shot? Do you want to?" And then note their response as required.

I don't really see this as a privacy thing as long as it's not a list of names posted on a wall somewhere. I mean you would do the same if there was birthday cake in the breakroom, right? This is an amenity that your workplace is offering, and it's reasonable to make sure that everyone has been given the chance to avail themselves of it.

I would stay far, far away from pro or anti vax stuff, which IMO does get into privacy invading territory. Just "did you", "do you still want to?", and done. You mention the staff clinic having an interest in knowing if people got flu shots elsewhere or have declined to be immunized for a specific reason. I would just not directly ask that, but note it if the person volunteers that information. If the staff clinic wants to get into it with individual flu shot decliners, that's their business and not really germane to the "did you get your flu shot this year, check yes or no" memo.

I think it's absolutely fine for the staff clinic to know who took advantage of their flu shot campaign and who didn't. Otherwise how will they know whether they're reaching the staff, if it's worth doing in the future (for instance if people are largely against it or tend to get them elsewhere and don't need a workplace flu shot program), etc. I also think it's the responsibility of the company to make sure employees know that these programs are being offered in the first place.
posted by Sara C. at 3:18 PM on May 20, 2014

Since there's a company-created process to follow to get people to have a flu jab, then maybe the company could create a poster, or something, to let people know that they can walk down the hall and get it done within 10 minutes. Tack on a bit about how if someone wants it noted that they've already been jabbed elsewhere, they can update their personnel files at the same place. Even if the company won't/can't change the poster, you could mention to the jab drive to everyone and give them the details of the when and the where.

If the company's intention is merely to have a certain percentage of the staff be individuals who are known to be vaccinated, I think the above would go a long way to improving numbers. Advertising the service is the best way to get people to use it - they can't use it if they don't know it exists. Even if people don't use it, knowing that they can be registered as, for example, being jabbed at their doctor's office will likely bump the numbers.

There's no need for individuals to disclose whether or not they have had a flu jab. That's between them and their doctor. Asking someone if they're aware that the company has this programme doesn't require an individual to say whether or not they're vaccinated, the asking of which is incredibly nosy. If the company I work for started asking me such personal questions, I would simply refuse to answer, either positively or negatively. Even if someone is vaccinated, they may still not want to disclose that. If the point of this is to increase the numbers of staff members who are known to be vaccinated, then they can do that without the weird public pseudo-shaming that's going on here. The fact that they're asking who doesn't want it is creepy and makes me wonder what they're going to with that information.
posted by Solomon at 3:57 PM on May 20, 2014

I work in health privacy and yeah, I think that's a really bad idea. Almost certainly for compliance risk reasons, but also just personal confidentiality. It's no one's business whether you get a health procedure done to you.
posted by Sebmojo at 4:45 PM on May 20, 2014

To confirm - I'm not in the US,

Well, where are you then?

This is a major workplace violation in the U.S. and modern western nations. However, it likely is not a violation in developing nations, or countries with socialist/quasi-capitalist/traditional workplace practices. Knowing where you are is an enormous detail towards a successful approach.
posted by Kruger5 at 4:53 PM on May 20, 2014 [2 favorites]

> I mean you would do the same if there was birthday cake in the breakroom, right

"Would you like some cake?" is not the same as "Let's discuss your medical history."
posted by The corpse in the library at 7:46 PM on May 20, 2014 [2 favorites]

If you're in Australia, the Australian Privacy Principles are likely to apply. Depending on what state you're in, there are also likely to be health privacy principles - for example, the NSW health privacy principles say that your health information can only be used for the purpose they collected it for, or a directly related purpose you'd expect.

It sounds to me like your staff health clinic may be in breach by disclosing it to your manager, and your workplace might be in breach for putting it on the wall. It's not at all weird to feel uncomfortable about having your health status put up on the wall for your coworkers to see, even if it's something you're comfortable with like your vaccination status.
posted by escapepod at 7:54 PM on May 20, 2014 [1 favorite]

I agree that this is inappropriate; even if it's not illegal (which it might or might not be), it invites people to ask colleagues whether they have been vaccinated and why not. I'm 100% pro-vax, but I still don't think it should be public. I mean, what if someone is immuno - compromised and can't get the vaccination - they should not need to disclose that to a coworker, but might feel uncomfortable suggesting that the list be taken down.
posted by insectosaurus at 8:18 PM on May 20, 2014 [2 favorites]

I know this is not in the US, but for the benefit of people who happen upon the thread:

1) It's HIPAA, not HIPPA.

2) The description here is not enough information to determine whether the actions here violate HIPAA. It's a very complex law, as someone else mentioned, and not nearly as universally restrictive as people would like to think that it is. This is important to impress upon people since HIPAA does not afford all of the privacy protections that people would like.
posted by JohnLewis at 5:48 AM on May 21, 2014 [3 favorites]

For USIANS: In similar situations your company may not be in violation of HIPAA, because they are not bound by the law, but the clinic certainly is. HIPAA violations include the loss or misuse of identifiable medical information that includes a person's name, ID, etc, and any medical information in combination. It is not a HIPAA violation for the clinic to provide the information to your company because information that can't be properly distributed is useless. The violation comes when the information is posted improperly. Ultimately it is the clinic's responsibility to be sure that the information is used properly and within the law. The clinic should have asked what the information will be used for.
posted by Gungho at 7:37 AM on May 21, 2014 [1 favorite]

« Older Best way to create an outdoor play area for kids...   |   Where do I find a giant fan? Newer »
This thread is closed to new comments.