In early June, new guidance from the U.S. Equal Employment Opportunity Commission (EEOC) stated that employers can now require workers to get COVID-19 vaccines before they are allowed back into the workplace. While it is not clear what will happen if they refuse, employees will, at the very least, have to share information about their vaccine status with their employers should their employers opt to require this information.

The Commission was careful to point out that employers are still required to provide reasonable accommodations or exceptions for employees who cannot get vaccinated for specific reasons based on the Americans with Disabilities Act (ADA), Title VII of the Civil Rights Act, and other federal laws.

The EEOC warns that employers need to be “not coercive” about how they handle the vaccine validation process. However, what is considered “coercive” is widely open to interpretation (the EEOC gave no legal examples). This ambiguity has led to a number of questions as to how these requirements will shape employment in the future. In addition, many employers are formally ending work-from-home initiatives, forcing workers to either come back into the office or voluntarily leave their jobs. Legal experts think there's enough gray area to cause a flurry of litigation as many regions ease pandemic lockdown restrictions or stay-at-home orders.

Why current guidelines say vaccine status is not private

In December, the EEOC published its What You Should Know About COVID-19 and the ADA, the Rehabilitation Act, and Other EEO Laws guidelines, where the Commission stated that a COVID-19 vaccination requirement does not infringe on any current privacy legislation such as the Americans with Disabilities Act (ADA) or HIPAA. HIPAA is the Health Insurance Portability and Accountability Act that regulates how healthcare providers can share patients’ confidential medical information, but it does not cover what employers can require.

The EEOC reasoned that requiring an employee to show proof of vaccination is not a disability-related inquiry because there could be many reasons why an employee has not been vaccinated.

Last September, Legility sponsored a webcast entitled Global Privacy in the Age of COVID-19: Navigating Unprecedented Change where the speakers clearly defined what information is considered private under worldwide laws. Vaccine status was not considered private by most laws, while the reasons for not being vaccinated as well as the actual vaccine records were considered protected.

Legal experts think that there's enough gray area to cause a flurry of litigation as many regions ease pandemic lockdown restrictions and stay-at-home orders.

Pitfalls to avoid for employers – and employment lawyers

According to law firm Gibson, Dunn & Crutcher, authors of a definitive report on data privacy, the full ramifications of COVID-related changes to data privacy and security regulations are likely to be extraordinary and wide-ranging.

The EEOC’s guidance answered some legal questions but could prompt litigation if employers aren’t mindful of myriad pitfalls. For example, employers who follow the U.S. Centers for Disease Control and Prevention (CDC) guidance and allow vaccinated employees to forgo masks but require unvaccinated employees to wear masks, may be placing themselves at risk of inciting issues between workers, or may find themselves policing the workplace and asking employees to disclose their medical information.

Second, the EEOC has also said that employers can provide incentives (like cash rewards) to nudge workers to get vaccinated. If an incentive is high enough, workers may feel pressured to disclose private medical information they would never otherwise divulge to their employers.

Third, although vaccines are fairly widely available in the United States, some groups of people may not have access to medical care and may be unfairly impacted by employer-mandated vaccinations.

Lastly, it is illegal to enforce vaccine mandates in a way that treats employees differently based on race, nationality, religion, sex, sexual orientation or identity, pregnancy, disability, age, or genetic information. Doing so would be a violation of the ADA as well as the employees’ civil rights.

Companies are also required to provide a safe workplace based on U.S. Occupational Safety and Health Administration (OSHA) guidelines. This includes limiting their employees’ risk of virus exposure and making any necessary physical adaptations to the workplace prior to reopening facilities. With COVID-19 vaccines, this could mean requiring the vaccine, providing personal protective equipment like masks or gloves, setting part-time in-office work schedules, or limiting capacity in the physical workplace.

How Legility can help

Employers should reach out to trusted legal counsel before issuing return to work mandates.