Handling PHI & Sensitive Medical Details
Why medical diagnostics must never be entered into AI prompts, and how to discuss accommodations anonymously.
The Risks of Processing Health Data
Under the Health Insurance Portability and Accountability Act (HIPAA) and the Americans with Disabilities Act (ADA), employee medical information is subject to strict confidentiality protections. Managers must never store, email, or process specific medical diagnoses or health statements in non-medical databases.
Scrubbing Protected Health Information (PHI)
Our AI risk checker evaluates communication tone, timing, and legal risk markers. It does not require medical facts to do this. You should always generalize medical circumstances before scanning. Follow these replacement standards:
- Instead of: "Since your chemotherapy treatments start next Monday..."
- Use: "Since your [scheduled medical treatments] start next Monday..."
- Instead of: "Your clinical depression has affected team meetings."
- Use: "Your [medical condition] has affected team meetings."
Best Practices for Accommodation Discussions
When documenting reasonable accommodation discussions under the ADA, focus strictly on the functional limitations and the requested support, rather than the underlying disease or symptom details. For example, document "Employee requested a modified ergonomic keyboard" instead of "Employee's severe rheumatoid arthritis is worsening."