When the city of Houston hired a company to provide an employee wellness program, their workers reportedly faced a tough choice: complete a questionnaire that asked about touchy topics, like their health history and drug use, or pay a yearly $300 penalty.
With over one in five large employers using financial incentives to get employees to complete health screenings as part of a wellness program, many other American workers have likely faced similar predicaments. But under a newly proposed federal rule, individuals covered by a spouse’s employer-sponsored health plan would also have to divulge their health information to avoid a penalty, regardless of whether they choose to participate in the wellness program.
Nearly three out of four employers that provide health insurance also have wellness programs, and almost half of employee wellness programs allow spouses or dependents to participate. The recent proposal from the U.S. Equal Employment Opportunity Commission (EEOC) would authorize employers to use financial “inducements” as a way to encourage employees’ spouses to fill out a questionnaire about their health or take a physical exam as part of an employee wellness program. This means that employers would be able to request certain types of health information from employees’ spouses in exchange for a financial reward, such as an insurance premium discount, and to assess penalties to those who do not provide the information.
The proposed rule would define a wellness program as one that has “a reasonable chance of improving the health of, or preventing disease in, participating individuals.” Services offered through employee wellness programs vary: some programs only screen employees for health risks, whereas others provide behavioral interventions like nutrition classes and disease management services. Employers use employees’ health information to connect them with appropriate health services.
A key requirement under the proposed rule is that, even with the use of financial incentives, wellness programs must be voluntary. To ensure the inducements do not become so high so as to render them “coercive,” the rewards and penalties cannot exceed thirty percent of the total cost of a worker’s health insurance coverage. Since the average yearly cost of an employer-sponsored family insurance plan is over $16,000, this means a penalty could be thousands of dollars.
Employers have already been able to use incentives of this size to encourage employees to participate in health screenings. In the past, advocates have expressed concern that financial incentives would force people to divulge sensitive medical information.
“When…employers can charge you a couple thousand dollars more for refusing to give private medical information, that doesn’t sound very voluntary to me,” Samuel Bagenstos, a University of Michigan Law School professor, reportedly said.
But statements from the business community urge the importance of economic incentives and spousal rewards in wellness programs.
Before the proposal was published, a business coalition submitted testimony to the EEOC on the effectiveness of financial incentives for boosting participation in employee wellness programs and the need for spousal rewards. The written testimony argues that workers are more inclined to make healthy changes when multiple family members participate in a wellness program.
Additionally, supporters of worksite wellness programs say the medical assessments can save lives by making employees aware of serious health conditions that need treatment. Russell Chapman, an employee benefits attorney with the firm Littler, noted that people sometimes go straight from a health screening offered through a wellness program— which usually tests for high blood pressure, heart issues, and diabetes—to the hospital due to the immediate need for treatment of a previously undetected condition.
But sharing sensitive health data through a wellness program raises privacy concerns for employees and their families. Even though health data collected through wellness programs are usually kept with an external vendor or health insurance company instead of an employer, some workers reported choosing to pay penalties due to fears employers would see their information.
“A $40 a month penalty is not enough for me to want to tell my employer what I’m doing with my health,” worker Michelle Muckenthaler reportedly said about her choice.
In an earlier proposed rule that is not yet finalized, the EEOC addressed privacy worries surrounding worksite wellness. The earlier proposal emphasized existing federal protections under which employers can only see aggregate employee health data, as opposed to individualized information, which helps protect workers’ identities.
However, the EEOC proposal would include an exception that would enable employers to get individual-level data when “it is necessary to administer the plan.” The American Association of Retired Persons AARP submitted comments asking the EEOC to explain why individual level information is needed for plan administration and recommended omitting the exception.
Hackers could also get employee data, say commentators. For example, employee wellness program vendor StayWell reportedly had information stolen from over 14,000 of its clients’ employees. Although no medical data were hacked, the perpetrators apparently managed to access employees’ names, birth dates, and contact information.
StayWell now takes various additional measures to prevent another breach. Some of these strategies include the use of random “participant identification numbers” instead of Social Security numbers, as well as the use of software that detects security weaknesses and the establishment of audits of its data center. Additionally, some employers, such as Johnson & Johnson, regularly audit their wellness vendors to verify the security of their systems.
Even cybersecurity specialists have their doubts about whether it is safe for workers to give employers sensitive health information. Geoff Hancock, Chief Customer Strategy Officer at cybersecurity business service firm Empower Solutions, is one such specialist. Hancock works with employers to keep their wellness program data safe, but he told the media that he has not shared his own health data with employers in the past because of security risks.
“The technology isn’t that secure, so you’re trusting people not to use it and be responsible. You just can’t count on any of that,” Hancock reportedly said. “Unless you can show who has access and prove it is secure, I’m not signing up.”
In its proposal, the EEOC requests comments on best practices to keep spouses’ health data safe. The EEOC also seeks comment on whether the final rule should specifically address storage of electronic records.
The deadline for public comments on the EEOC’s proposed rule is December 29, 2015.