Employee Sharing Agreements
The purpose of this topic is to provide awareness of employee sharing agreements that have been used in contexts where sensitive or regulated data is involved, and awareness of the potential for liability in employee sharing agreements, for example if an employee in a sharing agreement violates HIPAA law. Not legal advice. Any decisions or agreements should be made with legal expertise that is informed regarding the laws in your state or jurisdiction.
Parties
Employee sharing agreements normally recognize three parties:
- The Supplying Agency (that is the entity supplying the employee)
- The User agency (that is, the entity that borrows the shared employee)
- The Shared Employee.
Sample Employee Sharing Agreements
- https://ir.journeymedicalcorp.com/financials/sec-filings/content/0001410578-22-000558/0001410578-22-000558.pdf Employee sharing arrangement between two healthcare firms - Fortress Biotech and Journey Medical - both of which had confidential data not to be shared to the other entity. Employees in the sharing arrangement were required to abide by the provisions of this agreement and honor the confidentiality of both parties. This arrangement was documented as part of a required SEC filing.
- https://www.winona.edu/hr/Media/MinnState_SharedEE-Guidelines_062021.pdf Allows employees to be shared between MN State institutions.
- https://clarkdd.org/wp-content/uploads/2020/03/Sample_Provider_Employee_Sharing_Document_Courtesy_of_OPRA-1.pdf This Employee Sharing Template makes provisions for hourly rate charges paid by the User Agency to the Supplier Agency.
Limits on what Employee Sharing agreements can be used for in court
Lott v. Westinghouse suggests that employee sharing agreements can not be used to avoid liability in cases of discrimination or other wrongdoing (legal review would be required to determine implications for any specific situation). See https://www.casemine.com/judgement/us/5e69dc464653d00aeff12199
Notes regarding access to sensitive information
In an employee sharing agreement, it may be possible for a shared employee to access confidential data that is normally reserved for the user agency, if allowed for in the specific terms of the agreement and the roles and responsibilities of the participating parties. In general, a shared employee should only have access to confidential data that is necessary for them to perform their job duties, and they should be bound by the same confidentiality and HIPAA requirements as any other employee of the user agency.
Under employment and HIPAA law, employers are generally liable for the actions of employees. This means that if an employee violates HIPAA (the Health Insurance Portability and Accountability Act) while acting within the scope of their employment, the employer may be held liable for the employee's actions. However, it's important to note that an employer can only be held liable if the employee was acting within the scope of their employment when the HIPAA violation occurred. If the employee was not acting within the scope of their employment (for example, if they committed the HIPAA violation on their own time and without the knowledge or approval of the employer), the employer may not be held liable.
In the case of an employee sharing agreement, the liability for HIPAA violations may depend on the specific terms of the agreement and the roles and responsibilities of the participating employers. Always consult with an employment lawyer and knowledgeable HIPAA specialists to determine your specific responsibilities and liabilities.
Safeguards
If a shared employee is given access to confidential data as part of their job duties, it is important for both the Supplying Agency and the User Agency to ensure that appropriate safeguards are in place to protect the confidentiality of this information. This should generally include:
- Usage agreements with clearly defined expectations, roles and responsibilities,
- Training on HIPAA and confidentiality requirements,
- Implementation of appropriate security measures to protect the data,
- Monitoring the shared employee's access to the data to ensure that it is being used appropriately.
Liability Insurance
Employers are often required to maintain one or more of the common types of business insurance. Employers may provide liability coverage for employees as part of their employment benefits. The responsibility for providing liability insurance for a shared employee in an employee sharing arrangement may depend on the specific terms of the agreement between the participating parties and the roles and responsibilities of each party.
In an employee sharing arrangement, it is possible for either the User Agency or the Supplying Agency (or both) to provide liability coverage for the shared employee. Alternatively, the parties may choose to share the cost of providing liability coverage for the shared employee. The specific arrangement will depend on the needs and preferences of the participating parties and the terms of the employee sharing agreement.