The Gap Between Employee Wellness Programs & HIPAA

You probably know that HIPAA – the Health Insurance Portability and Accountability Act – protects an individual’s medical information from being shared. This means that healthcare providers and insurance companies can’t release private medical information about patients or policy holders.

And since HIPAA became law in 1996, most of us have become accustomed to the privacy protection it affords. But things have changed since then. The law still stands, but health screenings and health data collection aren’t confined to traditional healthcare settings. For instance, wearable fitness trackers collect health information. Apps on smart phones collect it.

And so do employee wellness programs.

Who has access?

It’s ironic that while HIPAA states that health information cannot be given to a person’s employer without permission, an employee wellness program that collects health data falls into a gray area. And that puts the onus on the employee to ask the right questions of his/her employer to determine if information gathered through a corporate wellness program is held in confidence.

How private do you want it to be?

There may be folks who grew up in the digital and social media age who have a different attitude about public versus private information. If they participate in group classes, weight loss contests or blood work screenings, they’re not concerned.

But for others, medical information is deeply personal. The thought of “just anyone” knowing that they have high cholesterol or high blood pressure is embarrassing. As far as they’re concerned, their medical information is nobody else’s darn business.

Here are a few scenarios:

Let’s take “Heavy Harry”. He’s participating in the contests and company exercise classes. It’s clear that he is struggling in the beginning, but gradually he improves. Is this a public-praise kind of thing that lifts the boat of wellness, or is it trotting out Harry’s private problems for the entire world to see?

Or what about Mary? She has Type 1 diabetes. If she participates in the annual blood screening offered by her company wellness program, does that mean her boss is privy to her condition? Has confidentiality been discussed with the personnel who handle the files?

TMI (Too Much Information)!

Consumer advocates say sharing private health information opens up the possibilities for abuse. Historically, employers didn’t run credit reports on interview candidates. These days, many do.

Suppose health histories could be checked also? Workplace discrimination, anyone? If you haven’t familiarized yourself with the Americans with Disabilities Act, now’s a good time to do so.

The spirit of the law.

HIPAA recognizes that most people want the final say over the release of their medical and other health information.

Therefore, thoughtful leaders of corporate wellness programs should get in front of the ambiguity and put employees’ minds at ease by making their program voluntarily HIPAA compliant and stipulating that third parties associated with the program (labs, apps, etc.) must also abide by HIPAA.

Increasing and maintaining participation is an ongoing objective of any wellness program, so why not eliminate as many barriers as possible?

If respected and large corporate wellness programs set this example, many others would follow suit. This would be good for the individuals concerned and the reputations and credibility of employee wellness programs.

Otherwise, employee wellness program managers ought to be prepared to justify their program’s privacy policy (or lack thereof).

Here’s an article explaining some of the employee privacy issues as they pertain to employee wellness programs.