TL;DR: Medical information must be kept confidential and in a separate file from other employment records.
The Americans with Disabilities Act (ADA) prohibits employers from including medical information in an employee's general personnel file. All medical records must be maintained separately from the personnel file. Additionally, any self-identification forms required under Section 503 must also be kept separate.
Disclo is SOC 2 and HIPAA compliant as certified by Vanta. We offer HIPAA- and ADA-compliant Personal Health Information (PHI) management so that employers can retain and manage employee medical documentation in a safe, compliant, and private way.
Want to know more about storage of PHI and self-identification forms? Here are some of our favorite resources: