- Privacy, Wearable Tech, and the EEOC Employer Wellness Programs Rules: A Guide for Businesses
- January 30, 2017
- Law Firm: The Posey Law Firm P.C. - Austin Office
The Affordable Care Act is empowering business owners to provide incentives for employees to become healthier. This is seen as a grass-roots effort to encourage healthy lifestyle changes. Unfortunately, the benefits of workplace-based health initiatives are not supported by high-quality medical research. The idea of a group of employees using exercise for team building, or friendly wellness competitions to improve corporate culture, is appealing. This model employee group is young, fit, and tech-savvy, not necessarily a group that represents the demographics of a typical American workplace.
The Equal Employment Opportunity Commission (EEOC) published rules that will go into effect in January 2017 for how wellness programs can access employee health data without violating federal regulations that protect confidential health information. The Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act (GINA) include provisions that protect a person's right to privacy with regard to health information and provisions that protect them from discrimination in the workplace based on this protected information.
There is concern that the new rules will not protect privacy, and will in fact violate the ADA, GINA, and HIPAA regulations in the way businesses access and use private employee medical data. AARP has filed suit to stop implementation of the rules until these issues can be clarified.
The EEOC rules are designed to protect privacy regarding disability, genetic disease, and other personal medical information, and to encourage participation in employer wellness programs. These wellness programs are considered an employment benefit. Employers are specifically excluded from using this information to move financial responsibility from the employer to the employee for health insurance premiums.
With both ADA and GINA, employers are forbidden to discriminate, make hiring or firing decisions, or retaliate against employees based on their knowledge of this health information. In general, employers cannot ask employees to disclose this or any health information. But there are many opportunities for protected health information to become known to management. Besides wellness program assessments and medical questionnaires, the Family and Medical Leave Act can cause private information to be disclosed during certification. If employees are in monitoring programs in the workplace, such as for exposure to hazardous materials, this monitoring can incidentally disclose protected information.
When employers have had to make reasonable accommodations in the workplace for a disability, they become aware of protected medical information related to the disability. There are specific restrictions on how they can use this information. Medical examinations can only be required if they are required for all employees applying for a specific job. For medical testing related to drug and alcohol abuse in the workplace, employers do not have to abide by the restrictions of the ADA in requiring testing.
Participation in these wellness programs is, under the EEOC rules, voluntary, but employers can provide both incentives and disincentives for participation or lack of participation. Health insurance cannot be withheld from employees who do not participate in the wellness programs, but there is a significant financial incentive for participating. The question is whether a financial incentive to participate amounts to a disincentive not to participate, one powerful enough to make the term 'voluntary' questionable. This degree of financial coercion might make sharing health information and participating in the wellness programs a violation of the EEOC rules that require the programs to be voluntary.
Companies are also specifically excluded from sharing or selling employee medical information. Employers are said to be allowed health information on employees in the aggregate only. That means that a third-party wellness program can transmit information that is grouped: averages and ranges. The issue of aggregate information and privacy is more difficult with a wellness program that is owned and managed in-house.
Many wellness programs are jumping on the wearable tech bandwagon by offering employees wearable fitness trackers of various types as an incentive to participate in employer wellness programs. Wearable tech includes a number of devices and applications that can monitor and track biomedical information. The fitness tracker can collect and report data such as steps walked or time spent exercising, heart rate, and blood pressure.
Consumers like fitness trackers, but have concerns about privacy, how their health information is being used, and who can access the information. Many people are not particularly tech-savvy, and don't know how the trackers are being used, where the information collected goes, or who can access the data.
Online fitness platforms allow users to input their data automatically from a tracker so various metrics can be applied. These online and cloud-based platforms add another concern about privacy and who has access to health data: employers, health insurance providers, wellness program providers? Some devices, such as the smart bathroom scale, measure weight, BMI, and other biometrics and input them automatically, so users won't be tempted to skim a few pounds. A user can program a pregnancy mode for the scale, which will be recorded in their online profile. The information from the smart scale is stored in a cloud-based platform and metrics are applied.
If data is being stored in online or cloud-based health websites that track biometrics and that are part of an employer wellness program, issues such as preexisting conditions and privacy-protected health data that may impact health insurance rates cannot be considered private from an employer. If wellness programs are being offered by the same company that provides health insurance, employee concerns about who can access their health information, and how it can be used in the workplace, are serious and present concerns.