COVID-19 Vaccination in the Workplace Financial lines claim & coverage implications
Since the onset of the COVID-19 pandemic over a year ago, numerous federal, state and local health agencies1 have provided guidance concerning steps employers should take to help them navigate COVID-19 in all aspects of the workplace. The U.S. Equal Employment Opportunity Commission (EEOC)2 has also weighed in by providing detailed guidance around employee issues and the employment laws potentially impacted by the adjustments companies have had to make as a result of the pandemic.
Recently, the EEOC has focused on whether employers can require employees to get the COVID-19 vaccination, and if they do, what legal obligations and potential pitfalls the organization might face. Using the EEOC guidance as a springboard, we will address the potential claims that can arise from an employer-mandated vaccination program and the availability of coverage for those claims under financial lines insurance policies.
Employer mandatory vaccination policies
In mid-December 2020, the EEOC announced that companies can require that employees be vaccinated against COVID-19 as long as the organization can justify that having unvaccinated employees presents a “direct threat” to others in the workplace. The EEOC defines “direct threat” to mean “a significant risk of substantial harm that cannot be eliminated or reduced by reasonable accommodation.”3 Thus, as an initial matter, companies have to determine whether the risk of having non-vaccinated employees in the workplace is significant enough and meets the definition of “direct threat” to warrant imposing a vaccination program. This will depend largely on the type of business and whether having a vaccination program can be beneficial, if not critical, to the organization’s operation. Certain industries such as healthcare, retail, hospitality, food and beverage, entertainment and others that require and are built around interaction with the public are likely to easily fall within the category of organizations that will need to consider some form of vaccination protocol in order to manage their COVID-19 exposure and minimize the associated business risks.
Vaccination exemption requests
In companies that decide to implement a mandatory vaccination policy, employees may be entitled to seek an exemption on the basis of disability or religious belief. The Americans With Disabilities Act (ADA) prohibits discrimination based on disability and requires that employers make reasonable accommodations for employees with disabilities. Title VII of the Civil Rights Act prohibits an employer from discriminating based on an employee’s sincerely held religious belief, practice or observance. The EEOC has clearly stated that if a disability or religious belief prevents an employee from receiving an employer mandated COVID-19 vaccination, the employer must provide a reasonable accommodation for the disability or religious belief unless doing so would pose an “undue hardship”4 on the business. Typical accommodations include allowing the employee to work remotely or providing the employee with personal protective equipment or gear. However, if the employer can demonstrate that such accommodations are impossible to facilitate given the nature of the business or for safety reasons and therefore subjects the organization to undue hardship, the exemption accommodation request can be denied and the employer can lawfully exclude the employee from the workplace through unpaid leave or termination.
Claims stemming from employer vaccination requirement
Given the current legal and economic environment and public debate over the issue of vaccinations, any employer mandating that its workforce get the COVID-19 vaccination as a condition to employment or continued employment may be susceptible to a civil claim for liability. The most likely claims to be filed by employees against the organization and individuals in management positions are:
Discrimination on the basis of disability under the ADA
Discrimination on the basis of religion under Title VII
Wrongful termination or constructive termination
Invasion of privacy
Possible other claims could include: physical injury, sickness or emotional distress resulting from the mandated vaccination; mishandling or denial of exemption accommodation requests; discrimination based on pregnancy or age; hostile work environment; harassment; civil rights violations; negligent handling of confidential medical information; and inconsistent application of workplace policies.
Claims could also be brought by third parties, including applicants for employment, clients, customers, vendors and other invitees who are also asked to be vaccinated against COVID-19 before being allowed access onto the organization’s premises. This could include, for example, nursing home residents or cruise ship guests.
The good news is that the majority of the claims outlined above are likely to trigger coverage under most Employment Practices Liability (EPL) policies. Coverage under management liability (ML), errors & omissions (E&O) and cyber policies may also trigger depending on the specific claim allegations.
Coverage nuances & considerations
It is important to keep in mind that not every claim brought by an employee against its employer will be covered under the employer’s EPL policy. Only those claims that allege employment-related wrongful acts that are specifically enumerated in the policy will trigger coverage, subject to all other terms and conditions that might apply.
If employment-related wrongful acts result in bodily injury, that loss will not be covered. EPL policies generally exclude coverage for bodily injury as such claims would be typically covered under a workers’ compensation policy, which covers work-related injury and illnesses. However, most EPL policies do provide coverage for claims alleging emotional distress, mental anguish and humiliation. Hence, a claim by an employee alleging that he or she suffered a debilitating allergic reaction to the COVID-19 vaccination mandated by their employer would not be covered under an EPL policy, but if that same employee alleged that they suffered emotional distress as a result of having to take the vaccine or risk losing their job, that would likely trigger coverage.
As noted above, an organization mandating that all employees and visitors be vaccinated could expose themselves to liability from third party non-employees, as well. Most EPL policies provide coverage for claims brought by third parties (typically clients, customers and vendors) that allege either discrimination or harassment by an insured. Prospective employees, however, are treated as employees under EPL policies and therefore coverage for claims by applicants for employment is not limited to discrimination and harassment but is the same as that provided for claims brought by employees or former employees. Coverage for harassment is often limited to claims alleging sexual harassment, but some policies may provide broader coverage for harassment of a nonsexual nature. Hence, a claim for discrimination made by a customer or guest who is unable to take the vaccination due to a disability or religious belief would trigger coverage under an EPL policy. Similarly, a claim alleging, for example, verbal harassment by employees against a client or vendor who is a vocal vaccination skeptic might also trigger coverage.
Many EPL policies today also cover claims by employees for invasion of privacy, which is considered a workplace tort. This coverage is pertinent since information collected in connection with a employer mandated vaccination program can involve an employee’s personal medical information, which, if not treated as confidential or is improperly disclosed, could lead to a claim for invasion of privacy.
Employers who mandate the vaccination could decide to administer it on-site or through a third party, or alternatively seek that the employee provide proof of vaccination obtained elsewhere. The CDC requires that specific screening questions concerning the individual’s health status and impairments be asked before the vaccination can be administered. Thus, if the employer provides the vaccination, the mandatory screening questions could involve disclosure of the employees’ personal medical information. This undoubtedly could be a source of liability for the employer since there are very specific rules about how an employer can handle employee medical information under the ADA. In addition, where an employer requests proof of vaccination obtained by the employee off-site, any questions they ask that could elicit information about a disability — particularly if asking why an employee did not get vaccinated — could trigger a claim under the ADA.
Finally, claims by employees could also involve situations involving an organization’s surveillance of its employees on social media. In the context of mandated vaccinations, for example, if an employer denied an employee a religious-based exemption because it discovered through social media sites that the employee is a vocal antivaxxer, the employer could be liable for discrimination or potentially retaliation. Such a claim would trigger EPL coverage.
In addition to coverage under EPL policies, claims involving the personally identifiable information of employees could also trigger cyber coverage. For example, a claim resulting from a cyber breach for negligence by the organization in handling employee confidential information could potentially trigger an overlap of coverage under both an EPL and cyber policy, depending on the language in both policies. Such a claim might allege that confidential employee records including medical information obtained as part of the vaccination exemption request process were sent to a fraudster as a result of a phishing scheme, therefore exposing the employee(s) to medical identity theft, which would trigger the cyber coverage. At the same time, the claim could allege negligent training of employees not only with regard to handling cyber and phishing attacks but also with respect to maintaining and enforcing corporate policies and procedures designed to protect the confidential information of employees. This type of claim would likely be covered under an EPL policy, particularly if that policy does not specifically exclude claims resulting from cyber breaches.
The suite of management liability policies purchased by organizations generally include EPL, and D&O, policies, among others. The vast majority of claims brought by employees against a company and its managers and employees that allege employment-related wrongful acts will fall under the EPL coverage. That is why D&O policies, which focus on coverage for wrongful acts involving corporate mismanagement, often exclude coverage for claims involving employment matters.
However, there may be limited circumstances where a claim stemming from an employment matter triggers D&O coverage. D&O policies generally provide broad coverage to individual directors and officers, and those individuals may be covered for employment-related claims that are made against them in their capacity as directors and officers. In such a case, coverage for those individuals could technically be triggered under both the D&O and a separate EPL policy. Additionally, some D&O policies expressly include EPL coverage for both the D&Os and the organization.
Finally, in light of the recent trend of event-driven D&O claims, one could envision a claim against an organization and its directors and officers alleging breaches of fiduciary duties or misrepresentations to investors as a result of a mandated COVID-19 corporate vaccination policy. Such a suit could allege that the organization misrepresented the safety or necessity of its vaccination protocol, or that the board failed in its oversight duties by turning a blind eye to systemic discrimination at the management level.
Even if an organization follows all federal, state and local laws and guidance around mandating COVID-19 vaccines, accommodates employees seeking exemptions, and acts with the utmost prudence, it may still be sued. It is important to consider that any claim will cost money to defend as the company will most likely need to retain an attorney to respond. A claim linked to the controversial issue of mandating vaccinations could also have the unwanted repercussion of generating negative publicity against the company since lawsuits filed in U.S. courts are generally accessible to the public. Finally, as we remain in a hard underwriting market for financial lines coverages, any claim reported to an insurance carrier might also result in an increase of policy premium at renewal, particularly if the insurance company pays out on the claim.
As organizations continue to navigate the ever-evolving landscape of COVID-related liabilities, the types of claims outlined above are a reminder that securing broad management liability, EPLI, D&O and cyber coverage is critical to an organization’s risk management and balance sheet protection. Lockton stands ready with the expertise and resources to assist clients who wish to review or expand their coverages in light of potential COVID-19 exposures, file a claim with their management liability carriers, or answer any of their insurance-related questions.
1 Such as the Occupational Safety and Health Administration (OSHA), the Centers for Disease Control and Prevention (CDC), and the United States Department of Labor (DOL).
2 The EEOC is the federal agency responsible for enforcing workplace anti-discrimination laws.
3 See, https://www.eeoc.gov/wysk/what-you-should-know-about-covid-19-and-ada-rehabilitation-act-and-other-eeo-laws
4 Under the ADA, “undue hardship” means a significant difficulty or expense on the company.