Privacy rights are facing enormous threats in the United States – from CBP asking for social media passwords at the border to the potential rollback of broadband privacy rules. The most recent danger to privacy advanced on Wednesday when the House Education and Workforce Committee moved H.R. 1313 forward, a bill that would strip away privacy protections for people enrolled in workplace wellness programs.
The Affordable Care Act incentivized wellness programs for companies, which is estimated to be worth nearly $6 billion. More than two-thirds of U.S.-based employers offer some type of wellness program, despite the fact that some studies have questioned their effectiveness.
Wellness programs allow employers to ask their employees about personal health information. The Health Insurance Portability and Accountability Act (HIPAA) requires a person’s consent and notice before their health information can be collected and shared by health care entities or with third parties. But wellness program vendors are typically not considered health care providers, and the information they collect is not covered by HIPAA; wellness vendors often sell employee health data to third parties without informing or asking the individual.
An employer’s ability to collect and use the health information of their employees is tempered by two foundational privacy laws, the Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act (GINA). The ADA and GINA prevent employers from asking employees to disclose some types of highly sensitive health information – such as pregnancy status, mental health treatment, and genetic predispositions to disease – unless the information is related to a person’s ability to do their job.
H.R. 1313 removes these protections. It would allow employers to financially penalize people who refuse to disclose their information, forcing workers who can’t afford the penalties to compromise their privacy rights. However, this doesn’t just stop at employees; the law would permit employers to require employees to reveal information about their families’ health as well.
The bill also extends the ADA’s “safe harbor” for insurance underwriting to workplace wellness programs, allowing them to apply discrimination based on health. This is all despite the fact that recent regulations issued by the EEOC have made clear that the safe harbor does not and should not protect wellness programs.
This weekend at SXSW, I’ll dig into the privacy concerns that employee wellness programs raise, and the serious threat to privacy posed by HR 1313.