Workplace wellness programs put employee privacy at risk

Story highlights

  • More employers see wellness as the latest promised solution to soaring health costs
  • Employers pressure workers to give unfamiliar companies detailed data about the most sensitive parts of their lives

Houston workers who checked the fine print said they weren't sure whether they were joining an employee wellness program or a marketing scheme.

Last fall the city of Houston required employees to tell an online wellness company about their disease history, drug and seat belt use, blood pressure and other delicate information.

The company, hired to improve worker health and lower medical costs, could pass the data to "third party vendors acting on our behalf," according to an authorization form. The information might be posted in areas "that are reviewable to the public." It might also be "subject to re-disclosure" and "no longer protected by privacy law."

Employees could refuse to give permission or opt not to take the screen, called a health risk assessment -- but only if they paid an extra $300 a year for medical coverage.

"We don't mind giving our information to our health care providers," said Ray Hunt, president of the Houston Police Officers' Union, which objected so strongly along with other employees that the city switched to a different program. "But we don't want to give it to a vendor that has carte blanche to give that information to anybody they want to."

Millions of people find themselves in the same position as that of the Houston cops. As more employers grasp wellness as the latest promised solution to soaring health costs, they're pressuring workers to give unfamiliar companies detailed data about the most sensitive parts of their lives.

But whether or not that information stays private is anything but clear, an examination by Kaiser Health News shows.

In many workplace wellness programs, "it seems by taking the health risk assessment you are waiving your privacy rights," said Jennifer Mathis, director of programs at the Bazelon Center for Mental Health Law.

How wellness programs work

At worst, shared information about sensitive conditions could support discrimination by employers, banks, life insurance companies and others. Wellness data is already escaping into what one expert calls "the great American marketing machine" that pitches products according to your diseases and lifestyles, privacy scholars say.

Wellness vendors charge employers a per-person fee to assess workers' health and motivate them to exercise, eat well, see doctors and take pills. Companies push workers to participate with gift cards, insurance discounts and other rewards or penalties.

As employers flock to the wellness parade, corporate wellness vendors make up what research firm IBISWorld predicts will be a $12 billion industry by 2020 -- six times its estimated size in 2011.

Privacy advocates see a void of regulation or even voluntary standards to ensure the information is used as intended. By all accounts the amount of worker wellness data being collected — through the Web, company surveys, wearable devices, gym records and lab tests — is exploding.

"The privacy issues are profound," said Pam Dixon, executive director of the World Privacy Forum, an advocacy group. "If people are being asked to wear a biometric electronic device, or use a mobile app or work within a wellness program, that data can be used in ways that may be very, very surprising to people."

Numerous wellness vendors say flatly that privacy is critical to their reputation and that they don't share information on individual workers with employers, data brokers or marketing companies. But as the Houston employees found out, the fine print isn't so plain or reassuring.

  • Few workers know that wellness contractors are often unbound by the strict privacy law, known as the Health Insurance Portability and Accountability Act (HIPAA), that restricts doctors and hospitals.
  • A review of privacy policies shows that many wellness vendors adopt policies allowing them to share identifiable data with unidentified "third parties" and "agents" working to improve employee health.
  • The industry boom has drawn a widening network of fitness centers, websites, app publishers, wearable device makers and other affiliates working with wellness plans to collect employee health information — each with its own complicated privacy policy. That boosts chances data will be misused, privacy advocates say.
  • Wellness companies and their contractors routinely share almost completely unregulated "de-identified" data showing group health results with employers, researchers and others. Scientists have shown such information can be "re-identified" and used for marketing, potential credit screening and other purposes.

Reading the fine print

Wellness vendor Audax Health, whose work with Houston resulted in "an overwhelming number of employees who were uncomfortable with the privacy statement," according to a city statement to employees, said it keeps information strictly confidential. Audax's online portal for employees is called Zensey.

"We do not sell or resell personal health information to anyone," including marketing companies and data brokers, David Sclar, Audax's chief privacy officer, said through a spokesman. "We do not allow third parties to market to Zensey users."

But Audax's own fine print contradicts the second part of his statement, saying the vendor may direct marketing pitches from third parties to wellness members based on "attributes" it collects from those employees. Audax is majority-owned by insurer UnitedHealth Group.

Other big wellness vendors, including venture-capital backed Welltok, include similar language in their disclosures. Welltok says its CaféWell portal might "target certain advertisements to your browser," without identifying the user.

That permission "may be broader than needed," said Welltok spokeswoman Erica Morgenstern. Welltok does not target ads at users and might change the language the next time it revises the disclosure, she said.