If your company hasn’t launched a wellness program, this might be the year.
As benefits enrollment for 2016 approaches, more employers than ever are expected to nudge workers toward plans that screen them for risks, monitor their activity and encourage them to take the right pills, food and exercise.
This involves a huge collection of health data outside the established medical system, not only by wellness vendors such as Redbrick, Audax and Vitality but also by companies offering gym services, smartphone apps and devices that track steps and heartbeats. Such partners pass worker results to the wellness providers.
Standards to keep such information confidential have developed more slowly than the industry. That raises risks it could be abused for workplace discrimination, credit screening or marketing, consumer advocates say.
Workplace wellness programs put employee privacy at risk
Here’s what to ask about your company’s plan.
What information will my employer see?
Many employers get only anonymous, group data. The vendor reports how many workers are overweight or have high blood pressure, for example.
But sometimes employers can see individual results, setting the stage for potential discrimination against those with disabilities or chronic illness. Or they can guess them. Discrimination based on disability and illness is illegal but hard to prove.
Workers should ask exactly what information will get back to their company and whether it will identify them.
Is the program covered under the HIPAA privacy law?
The Health Insurance Portability and Accountability Act restricts sharing of certain medical information to doctors, health insurers and other authorized users. Asking whether a wellness plan is covered by HIPAA is a good, first attempt at judging confidentiality.
Workplace wellness programs offered separately from an employer’s group health insurance plan are not protected by HIPAA. Other privacy laws might apply. But often it’s often impossible for employees to tell without asking.
Even in HIPAA-covered programs, a few, designated managers at your workplace can see health reports including identities, although they’re supposed to keep them confidential.
Use of a wellness portal often gives the vendor permission to share personal data with unidentified “third parties.” Those would be insurers, data-storage firms and other partners necessary to the program, vendors say. They’ll protect the information as well as anybody, they say.
But the open-ended nature of the permission gives consumer advocates the creeps. Read the privacy and terms-of-use disclosures. Ask questions if you’re uncomfortable.
My employer says it sees only group results. Does that guarantee privacy?
At smaller firms it’s sometimes easy for managers to match worker identities with results from group reports. The same goes for large companies when wellness data is disclosed by team or division.
Ask how far the results will be broken down.
How many other companies see my wellness data?
Employees deserve a clear explanation of which companies get their data, what form it takes, how recipients will use it and how it is protected, privacy advocates say.
What privacy policies do subcontractors and other third parties have to follow?
One privacy standard for wellness contractors, set by the National Committee for Quality Assurance, requires the primary wellness vendor as well as third-party partners to conform to HIPAA.
But that kind of policy is not universal. NCQA recognizes only a few dozen out of hundreds of wellness companies. And NCQA standards are voluntary and don’t confer consumer rights.
Could somebody try to identify individuals in the group results shared by my wellness plan?
Wellness privacy policies often give vendors broad room to share data stripped of names, addresses and other identifying features. Such information is not protected under HIPAA.
Experts have shown that such results can be re-identified by combining them with public databases. As an extra protection, wellness vendor Limeade and wearable device maker Fitbit prohibit third-party partners from attempting to re-identify the information they share.
But not all vendors do the same.