As more companies implement workplace wellness programs in hopes of curbing healthcare costs, there’s been rising concern among employees about the privacy of their personal health information.
A recent Wall Street Journal article is the latest story to raise questions about how much access employers should be able to have to workers’ health data, and whether companies should be able to use that data to try to influence workers’ behavior.
According to WSJ, insurers and employee wellness firms are working with employers like Wal-Mart and J.P. Morgan Chase & Co. to access data — such as whether workers use birth control, buy bicycles or video games, and even if they vote — all in an effort to anticipate and suggest treatment for individual health concerns.
For example, a worker determined to be at risk for diabetes might get a personalized message through an employer-sponsored wellness app suggesting they a visit a doctor or join a weight-loss program within the company’s network.
Castlight Health, the healthcare information company mentioned in the WSJ article, recently created a product that scans insurance claims to see when women stop filling their birth control prescription, or search fertility treatments using Castlight’s health app. Such employees then might be sent personalized emails or messages through the app recommending prenatal care or obstetricians.
Having this level of intimacy with a wellness firm that’s been hired by their employer can feel intrusive to some women — and that particular example sparked a lot of anger among workers on social media:
Remember how SCOTUS said HobbyLobby didn’t have to pay for employees’ birth control?
But your boss can monitor it? https://t.co/nuXWMxAeNX
— Brienne of Snarth (@femme_esq) February 17, 2016
— The Nerdy Bird (@JillPantozzi) February 17, 2016
Can’t wait to see the app that allows employers to get alerts when male employees don’t use condoms https://t.co/N2hWbp83Rz
— Jen LC (@RegressedPDO) February 17, 2016
But how likely is it that your employer is really monitoring your birth control usage? And what are the chances management could use personal health data to make workplace decisions?
First of all, WSJ points out that when employers work with consulting firms to mine employees’ health information, the only data the firms can use must be authorized by the employee.
Employees are prompted to grant the firm permission to send them health and wellness information via an app, email or other channels, but can always opt out.
Furthermore, any information that the firm relays to its client (aka the employer) is generally in aggregate form. Federal health-privacy laws typically bar employers from viewing workers’ personal health information, so any data gathered from consulting or wellness firms shows aggregated data on the number of employees found to be at risk for a given condition.
Castlight told Boston.com its product was developed because a large number of self-insured employers said their workers didn’t understand their benefits, and had “no idea” what role those benefits could play in making major healthcare decisions. The firm also said privacy was incorporated into its product from the very beginning — even describing it as “foolproof.”
“There is no way an employer could access information about individuals to make employment decisions,” Alka Tandon, senior product manager at Castlight, said, but added that she understands the concern women might feel.
To eliminate employers’ ability to single out workers with health problems, Tandon said, Castlight won’t relay any aggregate information that applies to segments of the workforce with fewer than 40 people.
“We’re very careful,” Tandon said. “That’s just one example of how we’ve mitigated any concerns.”
But some privacy experts say it’s a slippery slope when employers get involved with workers’ health information, even in aggregate.
“There are enormous potential risks in these efforts, such as the exposure of personal health data to employers or others,” Frank Pasquale, a law professor at the University of Maryland, told WSJ.
Last month, when large companies like IBM, PepsiCo, and Johnson & Johnson announced they were pushing to make employee health information public knowledge, they said the data would be an aggregate picture of companies’ workforces, and would provide investors, directors, and other stakeholders with valuable information about the overall wellness of an organization.
Supporters of the push said most companies already implement privacy protections for individuals to evaluate their health benefit packages and to plan for health promotion programming, but a STAT article pointed out that some of the companies that have signed onto the initiative, like Discovery Ltd., a South Africa-based financial services organization, are in fact singling out workers.
For example, last year Discovery Ltd. issued a report that detailed which department lost the most weight in the company’s “10 Ton Challenge,” a program that members of the Obesity Action Coalition said could seem discriminatory to overweight workers.
James Zervios, a vice president at the Obesity Action Coalition, told STAT publishing such information “put a target on employees’s backs who are dealing with obesity.”