Are Workplace Wellness Programs a Privacy Problem?

Workplace wellness programs—promoted as a way to foster healthy behavior and encourage preventive care—are having a moment.

Last year, 82 percent of larger companies (those with 200 employees or more) and 53 percent of smaller ones offered some type of wellness program, according to the Kaiser Foundation’s annual survey of workplace benefits. By some estimates, workplace wellness is an $8 billion industry.

And having access to a wellness program at work—one that may help you lose weight, get in shape, quit smoking, or otherwise improve your health—sounds like a welcome benefit. Especially if it comes with financial enticements, such as gift cards, merchandise like fitness trackers, cash, contributions to health-related savings accounts, or a discount on your health insurance. The 2016 Kaiser workplace benefits survey found that 42 percent of large firms with wellness programs offered employees a financial enticement to participate in or complete the program.

Some companies offer lunchtime walking groups and on-site exercise or nutrition classes. They may also provide employees with wearable fitness trackers to record information such as daily steps and hours of sleep.

Others have more extensive offerings and come with comprehensive health questionnaires that ask about your lifestyle habits, physical and mental health, reproductive plans, and family medical history. They may also offer screenings to measure your blood pressure, blood sugar, body mass index (BMI), and cholesterol. Some even feature genetic testing.

But are these get-healthier programs as good for you as they sound? The answer isn’t so simple. Research on their ability to improve well-being has had mixed results over the years. Plus, participating often means sharing personal health information or having to meet specific health or fitness goals.

And “there are definitely privacy concerns,” says Pam Dixon, executive director of the World Privacy Forum. “There are so many different kinds of wellness programs and different [privacy] laws for different ones. It’s very complex.”

Dena B. Mendelsohn, senior policy counsel for Consumer Reports, says that because of the wide variety of types and operators of wellness programs, the application of these laws is spotty and inconsistent—rendering them inadequate. 

In addition, “one potential problem with wellness programs is they can create an atmosphere in which certain health behaviors or levels of physical performance are expected,” says Anna Kirkland, J.D., Ph.D., a professor of women’s studies at the University of Michigan. “Employees with disabilities or other reasons for not participating might feel discriminated against or not welcome.”

For instance, she notes that if you can’t lose enough weight to achieve a program’s desired BMI goal or you’re just too busy to take 10,000 steps a day, you could feel like you’re not the kind of employee the company wants.

Consumer Reports is currently sponsoring a bill in California (AB-648) calling for clear privacy protections—limiting the collection of personal information and prohibiting its sharing, for instance—and other safeguards, such as forbidding employers from requiring participation in wellness programs. 

“Our goal is to make sure privacy rights are consistent across all programs, and to increase transparency so that employees know what data is being collected,” says Mendelsohn. “If workers choose to participate in a wellness program, they should be able to do so without giving up their right to privacy, and without suffering discrimination or financial penalties based on whether or not they participate.”

Before you join a workplace wellness program, it’s important to consider the following.

In many cases, wellness programs are run by the health insurance plan an employer offers its employees. But some companies hire outside vendors to set up and oversee their wellness offerings.

And when it comes to your privacy, there’s a big difference. If a program is run through your company’s health insurance plan, what’s known as HIPAA (based on the Health Insurance Portability and Accountability Act of 1996) privacy rules apply. (Other federal or state laws may also apply.)

This means that just like your doctor’s office, the health insurance company running the program is legally required to keep your personally identifiable health information—info that can be linked to you or used to identify you—private.

If your company is self-insured (common for larger workplaces) and offers a wellness program through that self-administered health plan, it’s also subject to HIPAA rules. (One exception: if the plan has less than 50 participants.)

But if the program is run by an outside vendor, as many are, HIPAA rules don’t apply. “Independent wellness vendors aren’t really regulated at all,” says Dara Smith, an attorney with the AARP Foundation. “You are basically trusting them not to share your health data with your employer.”

In addition, if an independent vendor is running your company’s wellness program, that vendor can legally share or sell your data to advertisers or other companies.

What this might mean: Say, for instance, you noted in your health questionnaire that you’re trying to get pregnant. You may start receiving pop-up ads or email for products like ovulation prediction kits. This is legal but might feel like an invasion of privacy to some.

Source : https://www.consumerreports.org/health-privacy/are-workplace-wellness-programs-a-privacy-problem/