Balancing wellness programs and employee privacy
Published: January 9,2014
Whenever I work with an employer to promote its wellness offerings, one of the first topics we discuss is employee privacy. This is because the most purposeful programs ask employees to share information that is so personal they may not even tell their spouse, like their weight and their body mass index.
From the beginning of any wellness campaign, an employer has to answer three important questions:
1) Why are employees being asked to share private health information?
2) How is the information protected?
3) What, if anything, will the employer do with the information once it is shared?
Employers often embark on wellness programs to control the rising cost of health care and to increase employee engagement. Healthy employees spend less money at the doctor and on expensive procedures and prescriptions. They’re also more present and productive at work.
In order to help employees begin to take ownership of being well, employers need to make sure employees know their current health state. Employers often begin a health and wellness program by asking a third-party business partner to help employees assess their health. It can be done through surveys, called health risk assessments, in which employees can be asked questions as benign as whether or not they use a seatbelt, to as invasive as their use of tobacco, alcohol or prescription drugs.
In addition to the health risk assessment, wellness programs may collect even more personal data through biometric screenings. These screenings usually require a visit with a health care practitioner to collect blood samples for measuring cholesterol and other health risk indicators.
So, the answer to question No. 1 (Why are employees being asked to share private health information?) is simple: Employees need to understand their current health state in order to improve it.
The second question (How is the information protected?) is critically important to answer for employees at the beginning of a wellness program that includes the disclosure of personal health information.
Often, employers will engage with a reputable third party to collect the information. The vendor must usually satisfy several security practice disclosures. And collection of such information is governed by federal law – namely the Health Insurance Portability and Accountability Act. The privacy and security rules under HIPAA require special handling of health information and prohibit employers from making any employment-related decisions. Under HIPAA nondiscrimination rules, discrimination is prohibited based on “health status-related factors.” It is critical that these requirements are clearly communicated to employees so they understand that as their employer, you not only are aware of their privacy rights, but that you also honor them and protect them.
Finally, employees need to know how their personal information will be used (question No. 3). Will employers have any access to their data? Employers technically do not have access to that data, especially if the information is collected by a third party. However, that distinction could be blurry from an employee perspective if their premium contributions are based on their health outcomes or if they are contacted by a disease-management nurse to counsel them in treating a chronic condition such as diabetes.
Third-party organizations that gather private health information will often aggregate the data – in other words, throw it all in one bucket – and share the nonpersonalized results with the employer. Such information sharing can tell an employer if the organization has a high level of employees with chronic conditions such as heart disease. It can help employers better design wellness and health management programs to address such issues.
Some employers might offer incentives for employees who meet certain health standards – such as discounted premiums for not using tobacco. Others will go even further to provide rewards for achieving a certain cholesterol level. These are called “standards-based” wellness programs, and they must meet very specific criteria, none of which affects employment status.
For example, employees must have a chance at least once a year to update their data so they can receive the reward, and the wellness plan must offer a reasonable alternative to meeting the standard. Some employers, for example, might offer the no-tobacco discount to employees who engage in tobacco-cessation classes so that tobacco users can receive the premium discount.
Other programs could involve a disease-management specialist, such a registered nurse, contacting employees at home to discuss chronic health conditions and best management practices, which can be jarring to employees when their phone rings at dinner time and a stranger starts asking personal health questions.
In all of these situations, it is the employers’ imperative to clearly communicate how information will be used and for what purposes. If employers are not proactive with this communication, distrust around the program, and ultimately the employer, will develop. Most employers embark on the complex wellness journey in hopes of helping employees live more healthful and rewarding lives. But remember, those rewards will only be appreciated fully when employees understand upfront what kind of personal information is required of them and how it will be managed responsibly.
Michelle Hicks, a senior professional in human resources, is a director in the communication practice of Buck Consultants, a Xerox company.