More and more employers are using wellness programs as a solution to rising health costs, and even more are expecting to launch wellness programs in the coming year. But is our privacy at risk? Wellness program privacy is a hot topic and, with the slow development and implementation of standards to keep information confidential, it's no surprise. Wellness program data collected by employers is released to wellness providers, and this non-confidential data could be abused for workplace discrimination, credit screenings, and even unwanted marketing. As more employers embrace wellness, they are pressuring employees to give unfamiliar 3rd party companies detailed data about one of the most sensitive parts of their lives. In many wellness programs, simply taking the health risk assessment could mean you are waiving your privacy rights. So, what are the best questions we should ask our employers to help retain our wellness program privacy and keep our sensitive information secure?
Here are 7 questions you should ask about your wellness program:
1. What information will my employer see? Many employers will only receive anonymous group data, for example how many workers have high blood pressure or obesity. In some instances, your employer can see individual results. This can lead to discrimination due to disability or illness. Employees should ask exactly what information will be shared with their employer and whether they would be identified.
2. Does the HIPAA privacy law cover your wellness program?
HIPAA restricts sharing of certain medical information; if your wellness program is covered by HIPAA, that is a great indicator of confidentiality. It's worth remembering that, even in HIPAA-covered programs, designated managers can see health reports including identities, but they are obligated by law to keep them confidential.
3. Do I give up my HIPAA rights when I fill out my health assessment? Wellness portals can often give a vendor permission to share personal data with 3rd parties. Read the privacy and terms of use disclosures and ask questions whenever you are unsure or uncomfortable with the information you are reading.
4. If my employer can only see group results, is my privacy guaranteed? Ask how far group results will be broken down in manager reports.
5. Which other companies can see my wellness data? Wellness programs often involve multiple firms gathering and sharing your information and each of those firms may have their own privacy policies. Employees deserve a clear explanation of how their information will be shared, how the data is used, and how well it will be protected.
6. What privacy policies do subcontractors and other 3rd parties have to follow? The National Committee for Quality Assurance (NCQA) requires the primary wellness vendor and 3rd party partners to conform to HIPAA, but NCQA only recognizes a few dozen wellness companies and their standards are voluntary.
7. Can vendors try to identify individuals from group data? Experts have suggested that data can be re-identified by combining it with public databases. Currently, wellness vendor Limeade and wearable device maker Fitbit prohibit 3rd party partners from attempting to re-identify any shared information. But many other vendors do not do the same.
Are there any questions that you suggest employees ask about their wellness program privacy policies? Let us know!