On December 1, 2021 the U.S. had its first case of COVID-19 ascribed to the omicron variant.  Cases have surged with the omicron variants since then, and on May 9, 2022 the Biden Administration stated that it expects the U.S. to record 100 million new cases of COVID-19 during the upcoming fall and winter seasons. With this anticipated spike, it will become increasingly important for employers to consider what they need to do to maintain workplace safety while balancing the privacy rights of their employees.
When an employee who has been in proximity with co-workers is diagnosed with COVID-19, employers should provide the co-workers with sufficient information to assist in determining their risk of exposure. This may include details such as the floor, office, or team on which the COVID-19 positive employee works and the general time periods during which the individual may have been present in any given location, even if co-workers might be able to deduce the identity of the COVID-19 positive employee. 
In California, if an employee is diagnosed with COVID-19 and an employer wishes to provide staff with a notice of potential exposure, the employer generally should disclose only that a co-worker has tested positive, and omit the individual’s identity to protect employee privacy. In situations where the employer desires to identify the positive employee, the employer generally will be required to first obtain the consent of the positive employee. See Cal. Civ. Code §§ 56.20(c) & 56.21.
Additionally, for employers who have staff conducting in-person work, employers may require employees to disclose if they or someone they live with are experiencing COVID-19 symptoms, such as a fever. Employers who receive this report should require the affected employee to quarantine or work from home (if possible) until cleared to return to work under the current county health department, OSHA, and CDC guidelines.
As for confidentiality, employers should look to general privacy laws when handling confidential health information. Each employer who receives medical information must establish appropriate procedures to ensure the confidentiality of that information, such as storing medical information (e.g., COVID-19 vaccination cards, test results, and doctor’s notes) separately from an employee’s HR file. See Cal. Civ. Code § 56.20(a) & (c). Beyond that, HIPAA privacy restrictions are less likely to be an issue with such information. Although an employer’s group health care plan is subject to HIPPA, employers themselves are not.
Finally, employers may find guidance in the ADA and other non-discrimination laws that is helpful in navigating workplace uncertainties during the pandemic.  The EEOC has published a guide titled “Pandemic Preparedness in the Workplace and the Americans with Disabilities Act,” which covers established ADA principals as they relate to COVID-19 and employee information in the workplace.  Issues of concern to employers may include how much information an employer can request when employees call in sick, whether an employer can take the body temperature of an employee, and whether an employer can require a doctor’s note for return-to-work purposes.
As we enter the “new normal” of endemic COVID-19 and the possibility of further variants and surges, employers will do well to remember that just as the virus evolves, so will the guidance from public health authorities. To stay current, employers should frequently check for updates from the CDC as well as local health departments, and always remain mindful of employee privacy considerations. https://www.cdc.gov/mmwr/volumes/70/wr/mm7050e1.htm  https://www.cdc.gov/coronavirus/2019-ncov/downloads/daily-life-coping/COVID-19_How-to-Determine-Close-Contacts-HTML.pdf  https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws  https://www.eeoc.gov/laws/guidance/pandemic-preparedness-workplace-and-americans-disabilities-act