Skip to main content

Part Five of the COVID-19 Roadmap Series: Ensuring a Safe Workplace - COVID-19 Screening and Testing

In Part Five of our Roadmap Series, we take a closer look at COVID-19 screening and testing, including best practices and legal implications, as potential tools to maintain a safe workplace. 

Can We Screen Our Employees for Symptoms of COVID-19?

Yes.  Common screening mechanisms include written questionnaires and temperature checks.  Employees may also visually inspect employees or require employees to “self-report” COVID-19 symptoms.  Whatever screening technique is used, it is important to clearly explain in writing to employees: (i) the specific screening process you will utilize; (ii) general benchmarks for passing the screenings (i.e. must have temperature below 100.4ºF); (iii) your expectations around your employees’ compliance with your process and any consequences for a refusal to participate; (iv) how you will protect employee privacy; and (v) consequences of an unsuccessful screen (i.e. being sent home from the workplace).  Employers must also make sure that the employees or contractors administering the screening are properly trained and that they obtain appropriate acknowledgments from employees. 

Questionnaire Best Practices

Questionnaires seek information such as whether the employee is experiencing symptoms of COVID-19 and whether they have come into close contact with anyone who tested positive for COVID-19 or has COVID-19 symptoms (including a member of their household), and/or whether they have come into close contact with anyone who has traveled to a known COVID-19 hotspot.  Questionnaires should be brief and designed to elicit only “yes” or “no” responses.  If the employee responds “yes” to any of the questions, designated personnel should follow-up with the employee, including asking any necessary follow-up questions, to make a determination of whether the employee would pose a direct threat to health or safety in the workplace.

You should aim to ensure that screening does not go further than necessary by keeping it narrowly focused on assessing the COVID-19 threat.  Thus, symptom-based questions should focus on whether or not the employee is experiencing symptoms identified by the most-recent CDC guidance, which currently include: cough, shortness of breath, or difficulty breathing or at least two of the following symptoms: fever, chills, repeated shaking with chills, muscle pain, headache, sore throat, and new loss of taste or smell.  Questions around an employee’s exposure to COVID-19 should focus on whether the employee came into close contact with any individual infected with COVID-19 or with COVID-19 symptoms.  As stay at home orders are lifted, questions aimed at understanding an employee’s recent travel history and attendance at public gatherings will become more relevant. 

Questionnaires could be completed by an employee at home or on-site in electronic or paper format or via a verbal exchange with designated personnel.  Because the point of screening is to identify possible health and safety threats, responses should be collected at the start of each shift, but you should also take steps to identify potentially ill employees during a shift, whether through periodic spot checks or by instructing employees to self-report.  And, if feasible, examiners should also conduct a visual inspection of the employee for signs of illness, including flushed cheeks or fatigue, and confirm the employee is not experiencing coughing or shortness of breath.  If responses are collected manually or orally, appropriate safety measures should be taken to protect the health of the person designated to obtain the responses, including appropriate social distancing measures, physical barriers or controls, and/or personal protective equipment (“PPE”). 

Temperature Check Best Practices

The Equal Employment Opportunity Commission ("EEOC") and other governmental bodies have generally sanctioned temperature screening of employees, which should check for basal temperatures over 100.4ºF (per the CDC’s guidance or as dictated by your local public health authorities).  You could conduct such a check at the beginning of the employee’s workday (which will also reduce the possibility of a potentially sick employee coming into contact with others prior to their temperature check), at random and/or set times during the workday, and/or after observation of an employee exhibiting COVID-19 symptoms.  Some state and local jurisdictions, including Delaware, Pennsylvania, and Texas, either mandate or recommend the use of temperature checks in certain workplaces (such as health care businesses and facilities; medical and dental supply delivery workers; retail businesses; and residential facilities). 

Temperature checks should be performed in a manner that maintains the privacy of the results and also takes into account social distancing measures for those waiting to be tested.  This may result in modifying shift start times and/or setting up covered temperature check stations outside to allow waiting employees to comply with social distancing requirements.  Alternatively, you could require employees to check their own temperatures at home and either submit the temperature reading to designated personnel or otherwise certify that their temperature was below 100.4 ºF – although this alternative method requires you to cede control, and in turn, the ability to verify result accuracy.  Further, you should direct employees to immediately contact designated personnel if they begin to feel unwell during their shift.  Additional recommendations include:

  • Using touchless thermometers, which are highly preferred given the transmissibility of COVID-19, although other thermometers may also be used; 
  • Using the same type of equipment for all employees and properly calibrating the equipment to ensure consistency and accuracy;
  • Disinfecting equipment following each employee screen (or at reasonable intervals if a touchless thermometer is used); 
  • Garbing the test-taker in the appropriate PPE;
  • Replacing any of the test-taker’s gear that comes into contact with an employee after each screen;
  • Incorporating other controls to protect the test-taker, including erecting physical barriers or partition controls where appropriate; 
  • As with questionnaires, supplementing any temperature check with a visual inspection of the employee for signs of illness because the absence of temperature does not always mean the absence of COVID-19; and
  • Asking employees if and when they last ingested temperature reducing medication such as Tylenol, aspirins or certain NSAID.

Finally, a log of temperature check results or recorded verbal responses and visual inspection results may be maintained so long as the information is stored in a manner that maintains confidentiality (which we discuss further below).  As an added precaution, you may record “yes” or “no” whether the tested individual’s temperature exceeds 100.4ºF in lieu of recording the specific temperature. 

Screening Failures

Any individual who “fails” a screening procedure (whether at the point of entry or by exhibiting symptoms during the workday) should be discreetly directed to an isolated, private area for further inquiry by designated personnel.  This step requires you to identify, in advance, an “isolation plan,” complete with a physical location for the isolated individual to wait that is designated and labelled as an isolation room to prevent misuse, transportation options, and PPE to issue to the infected individual.  Further questioning should ascertain whether the individual is well enough to commute home in a safe manner or whether immediate medical or emergency assistance is necessary. Questioning of employees could extend further under certain circumstances, particularly where you anticipate you may need to issue a communication to other employees (discussed below).  The designated personnel should wear appropriate PPE and the isolation area should be sanitized following the individual’s departure.  We discussed potential employer responses in more detail here.

Further, you should consider communicating your expectation that the individual will comply with the CDC’s recommendations or their medical health provider’s instructions to self-quarantine for the prescribed amount of time before being allowed back to the workplace.  The employee may typically return to work once (i) the employee is s fever-free for at least 72 hours (without medication), (ii) other symptoms have improved, and (iii) at least 10 days have elapsed since the first symptoms appeared.  Realistically, you should expect the individual to remain offsite for at least 14 days.  

You may also require fitness-for-duty documentation upon the employee’s return and may require the individual to re-submit to screening procedures, although given the extreme pressure health care providers are under, consider being flexible as to the type of documentation required to return (e.g. permitting a medical professional to certify via email that the individual is no longer recommended to quarantine). 

Depending on the circumstances, you will want to fashion an appropriate communication to other staff members.  Any communication should not disclose the name of the employee, should generally identify when/where the individual was present, and should be directed to those identified as being in close contact with the individual.  The CDC defines “close contact” as within approximately 6 feet of a COVID-19 case for a prolonged period of time, or having direct contact with infectious secretions of a COVID-19 case (e.g., being coughed on).  Further, consider implementing a 14-day quarantine period for anyone in close contact with the infected individual.  If the employer implements such measures, they should be applied equally to all workers in close contact.

Screening Refusals

You should consider what, if any, consequences will result if an employee refuses to participate in your screening measures.  Communicate those consequences to your employees in advance and train the examiners on how to address such concerns.  Consider using caution, however, before disciplining an employee for any such refusal; instead, assess the basis of the employee’s refusal, including whether they are objecting on religious grounds or because they require accommodations.  In addition, take care to apply these screening requirements and consequences consistently across your workforce (or defined subsets thereof) to avoid any inferences of discrimination.

Third Party Screening

As it relates to screening third parties such as vendors or temporary workers, for the time being, you should consider reducing or even eliminating worksite access to non-essential third parties.  But, most workspaces cannot operate in a vacuum, sealed off from the public.  There are vendors, delivery persons, customers, and/or others who may require access.  Some localities now recommend or require the screening of worksite visitors (in addition to employees).  If third-party screening is implemented, it should be aimed at neutralizing the potential spread of COVID-19 and nothing more. 

Practical realities also must be considered.  For example, temperature checks of all customers may be unrealistic in a heavily-trafficked grocery store but may be appropriate for a contractor who comes onto an employer site regularly for a project.  Advance notice should be provided to all third parties, with an option to forego worksite access in lieu of screening.  That notice could take different forms depending on the circumstances (i.e. notice on the door for office building visitors or formal communication to a contracting firm regularly on the job site plus a notice at the entrance to the job site).  Keep in mind, too, that third-parties may have a wider variety of needs than the workforce and additional screening accommodations may be necessary to comply with the Americans with Disabilities Act ("ADA"). 

Conversely, you should recognize that third parties may require your employees to be screened while engaged in business for the company.  You should make every effort to identify, in advance, whether and what third-party screening may be required and inform employees ahead of time.  You should also independently evaluate and work with the third party to determine whether such screening efforts comply with applicable law, including the ADA, and otherwise determine their efficacy.  To the extent an employee would refuse to participate with screening you determine to be reasonable under the circumstances, you should work with the third party and the employee to determine whether any alternatives are available and, absent any, whether you will discipline the employee for such refusal.  A similar set of considerations would be in play with respect testing of your employees by third parties. 

Can I Require That My Employees Be Tested for COVID-19?

Generally, yes, you can require testing of your employees to assess whether they currently have COVID-19.  It remains an open question as to whether you can require testing for a past infection, such as antibody testing.  The more important questions at this time, however, are whether and under what circumstances can and should you require testing for current infections. 

Viral or Diagnostic Testing

Viral testing is performed to determine a current infection.  In short, the EEOC has endorsed the view that employers are permitted to require viral testing.  The EEOC reasons that mandatory testing of employees must be “job related and consistent with business necessity,” and in applying that standard to the current COVID-19 circumstances, employers are permitted to take steps to determine if any employee entering their workplace has COVID-19 because COVID-19 carriers pose a direct threat to the health of others.  But this guidance does not mean that employers have free reign to test.  The EEOC also cautions that employers must ensure that any such test is accurate and reliable, and it encourages employers to review guidance from the FDA, CDC and other public health authorities to make that determination, while also “consider[ing] the incidence of false-positives or false-negatives associated with a particular test” and further that a negative test now does not necessarily mean an employee cannot test positive later.

Regardless of what the EEOC permits or does not permit, at present, it may be unrealistic for most employers to require workforce testing given its limited availability and the difficulties raised in conducting tests on-site.  A more realistic view has employers analyzing on a case-by-case basis whether viral testing may be beneficial for a certain limited set of critical, on-site employees.  Again, this may change as the testing infrastructure is built. 

Antibody or Serological Testing

Serological testing is an “after the fact” blood test that reads the body’s reaction to the virus’s presence by measuring the amount of antibodies produced by the immune system.  In other words, this test looks at whether someone had an infection previously.  The EEOC has not yet commented on whether such tests – which account for past infection – satisfy the direct threat standard, and therefore it remains unclear whether employers can mandate their use without violating discrimination laws. However, the CDC recently issued guidance warning that antibody testing results should not be used to make decisions about returning employees to work, given widespread inaccuracies in serological testing results. Employers should keep a watchful eye on developments in this regard. 

Once a Vaccine is Developed, Can I Require My Employees to Become Vaccinated? 

Likely, with some exceptions.  While currently there is no vaccine for COVID-19 and one may not be available for some time, once a vaccine becomes available, it is likely that many employers will explore mandatory vaccination policies, including those operating outside of the healthcare industry.  Past guidance by the EEOC indicates that such policies may be acceptable, provided (i) you make appropriate disability and religious-based reasonable accommodations to a requesting employee; and (ii) the accommodation would not cause you undue hardship.  In fashioning any such policy, you will also need to determine whether any applicable law prohibits (or requires) mandatory vaccination, which may include new laws in the near future. 

What are My Obligations to Protect Privacy?

There are several.  In general, U.S. privacy law provides employers with little certainty to answer questions such as what liability employers could face for sharing (or not sharing) employee exposure to COVID-19 or COVID-19 test results.  There is no single statutory source governing the treatment of your employees’ personal information, and in particular, employees’ health information.  The general fundamental privacy law principles of transparency, notice, choice, and fairness should guide your practices.  Where possible, employees should be made aware of your need to make certain disclosures to the workforce and you should give the employee reasonable choice whether to permit particular uses or disclosures.  In California, the employee’s written authorization for certain disclosures may be required.  (See Cal. Civ. Code § 56.20(c)).

Application of HIPAA?

Although most people think “health information” is automatically regulated (and protected) by the privacy and security provisions of the Health Insurance Portability and Accountability Act (“HIPAA”), most employers are generally not subject to the HIPAA privacy regulations.   Even in the limited instance where such information might be subject to HIPAA, the U.S. Department of Health and Human Services has stated that HIPAA allows disclosure, “without a patient’s authorization, [of] protected health information about the patient as necessary to treat the patient or to treat a different patient.”  (45 CFR §§164.502(a)(1)(ii), 164.506(c)).  HIPAA, if applicable, also allows disclosure in emergencies such as the COVID-19 emergency to public health officials.  (45 CFR §§164.501 and 164.512(b)(1)(i)).  If you are a California employer, take note that California’s Confidentiality of Medical Information Act regulates you as well as health care providers and health plans.  (Cal. Civ. Code §§ 56-56.37; see also id. §§ 56.20-56.25).

Preparing for Collection of Information

You should also consider confidentiality and privacy concerns ahead of time, and provide talking points to those who will be conducting screening or administering questionnaires on confidentiality and how the information will be maintained.  A simple statement regarding privacy and confidentiality should be sufficient for most businesses, but see below if you are in California.

The ADA requires that you keep all medical information confidential (42 U.S.C. § 12112(d)(3)(B) and 12112(d)(4)), including information related to symptoms of COVID-19 or a diagnosis of COVID-19.  This includes all test results, temperature screening logs, questionnaires, and other medical information being solicited from employees.  You should ensure employees and third parties, such as vendors or other visitors to the workplace, understand that such information must and will be kept confidential and that only people with a “need-to-know” will have access to the medical information.  As always, in addition to limiting the people with access, we recommend collecting the minimum amount of information necessary.

In California, if your business is covered by the California Consumer Protection Act ("CCPA"), the CCPA requires that you provide not only prior notice to employees before scanning their temperatures, but also that the notice meets the requirements of a Notice of Collection under the CCPA.  Specifically, the Notice must explain that the company will collect the employees’ body temperature and describe each purpose for which the company will use that information.  Multinational employers should seek advice with regard to locally applicable privacy laws, including the General Data Protection Regulation ("GDPR").

Finally, you must remember to store all medical information separately from personnel files under all circumstances.

Storage and Retention of Information

As discussed, for the majority of employers, the HIPAA privacy and security rules will not apply to COVID-19 related information collected from employees or visitors.  However, this information should be carefully safeguarded.  Many states have added health/medical information to the definition of “personal information” in their state data breach notification laws and unauthorized access to or disclosure of such information could trigger notification to individuals and/or state attorneys general under those laws.  Disclosure of such information even within the workplace to employees not otherwise authorized to access health information could trigger reporting obligations under some state data breach notification laws.  There are no exceptions or “time outs” during this COVID-19 emergency for security breaches under state law. 

Currently, the following states and entities include triggers for notice on lost, hacked, stolen or other unauthorized disclosure of health/medical information or health ID numbers:

Alabama, Arizona, Arkansas, California, Colorado, Delaware, Florida, Illinois, Maryland, Missouri, Montana, New Hampshire (health information statute) New York, Nevada, North Dakota, Oregon, Puerto Rico, Rhode Island, South Dakota, Texas, Virginia (medical information statute), Washington, Wyoming, and the National Association of Insurance Commissioners (many state insurance regulations).

Retention of medical information collected during the return to the workplace should be in accordance with local health guidelines, or such period of time deemed necessary to address potential claims.  The utility of certain information may be limited after a period of time – such as daily visitor temperature logs – and consideration should be given to keeping only what you need for as long as you need to keep it and securely destroying non-critical information as soon as possible.  Any information retained should be secured in locked cabinets if paper files, or encrypted at all times if electronic/digital files.  Many state data breach notification laws have a “safe harbor” from notification if electronic information is encrypted.

Parting Thoughts & More to Come

COVID-19 screening and testing is an ever-changing landscape as new information comes to light about the virus, its transmissibility and its treatment.  Keep in mind that regulations regarding screening and testing continue to change at the local, state, and federal levels.  Further, remember screening and testing do not replace critical infection control practices such as social distancing, frequent handwashing, and wearing face coverings, among others.  Finally, in a later post in this series, we will address the wage and hour law implications of employee screening and testing (such as reporting pay). 

Next up in our Roadmap Series, we address issues related to the workforce’s “return” to the new workplace.

Find more information from Mintz's COVID-19 Roadmap Series here:
Preparing for the New Workplace Paradigm Series: a Roadmap for Employers in the Time of COVID-19 

Subscribe To Viewpoints


Mintz attorney Nicole M. Rivers defends employers in employment litigation and labor matters and advises on employment best practices. She handles cases involving claims of wage and hour violations, harassment, retaliation, discrimination, breach of employment agreements, FMLA violations, and violations of California's Private Attorneys General Act (PAGA), Family Rights Act (CFRA), and Fair Employment and Housing Act (FEHA).

Michael S. Arnold

Member / Chair, Employment, Labor & Benefits Practice

Michael Arnold is Chair of the firm's Employment, Labor & Benefits Practice. He is an employment lawyer who deftly handles a wide array of matters.

Karen S. Lovitch

Chair, Health Law Practice & Co-Chair, Health Care Enforcement Defense Practice

Karen advises industry clients on regulatory, transactional, operational, and enforcement matters. She has deep experience handling FCA investigations and qui tam litigation for laboratories and diagnostics companies.
Hope regularly defends health care companies in governmental investigations and ensuing cases, conducts internal investigations, and advises providers and manufacturers regarding enforcement issues.

Cynthia J. Larose

Member / Chair, Privacy & Cybersecurity Practice

Cynthia J. Larose is Chair of the firm's Privacy & Cybersecurity Practice, a Certified Information Privacy Professional-US (CIPP-US), and a Certified Information Privacy Professional-Europe (CIPP-E). She works with clients in various industries to develop comprehensive information security programs on the front end, and provides timely counsel when it becomes necessary to respond to a data breach.