Workplace Wellness Programs Put Employee Privacy At Risk

Updated Oct. 1, 4:30 p.m.

Houston workers who checked the fine print said they weren’t sure whether they were joining an employee wellness program or a marketing scheme.

Last fall the city of Houston required employees to tell an online wellness company about their disease history, drug and seat-belt use, blood pressure and other delicate information.

The company, hired to improve worker health and lower medical costs, could pass the data to “third party vendors acting on our behalf,” according to an authorization form. The information might be posted in areas “that are reviewable to the public.” It might also be “subject to re-disclosure” and “no longer protected by privacy law.”

Employees could refuse to give permission or opt not to take the screen, called a health risk assessment — but only if they paid an extra $300 a year for medical coverage.

“We don’t mind giving our information to our health care providers,” said Ray Hunt, president of the Houston Police Officers’ Union, which objected so strongly along with other employees that the city switched to a different program. “But we don’t want to give it to a vendor that has carte blanche to give that information to anybody they want to.”

Millions of people find themselves in the same position as that of the Houston cops. As more employers grasp wellness as the latest promised solution to soaring health costs, they’re pressuring workers to give unfamiliar companies detailed data about the most sensitive parts of their lives.

But whether or not that information stays private is anything but clear, an examination by Kaiser Health News shows.

In many workplace wellness programs, “it seems by taking the health risk assessment you are waiving your privacy rights,” said Jennifer Mathis, director of programs at the Bazelon Center for Mental Health Law.

At worst, shared information about sensitive conditions could support discrimination by employers, banks, life insurance companies and others. Wellness data is already escaping into what one expert calls “the great American marketing machine” that pitches products according to your diseases and lifestyles, privacy scholars say.

Wellness vendors charge employers a per-person fee to assess workers’ health and motivate them to exercise, eat well, see doctors and take pills. Companies push workers to participate with gift cards, insurance discounts and other rewards or penalties.

As employers flock to the wellness parade, corporate wellness vendors make up what research firm IBISWorld predicts will be a $12 billion industry by 2020 — its estimated size in 2011.

Privacy advocates see a void of regulation or even voluntary standards to ensure the information is used as intended. By all accounts the amount of worker wellness data being collected — through the Web, company surveys, wearable devices, gym records and lab tests — is exploding.

“The privacy issues are profound,” said Pam Dixon, executive director of the World Privacy Forum, an advocacy group. “If people are being asked to wear a biometric electronic device, or use a mobile app or work within a wellness program, that data can be used in ways that may be very, very surprising to people.”

Numerous wellness vendors say flatly that privacy is critical to their reputation and that they don’t share information on individual workers with employers, data brokers or marketing companies. But as the Houston employees found out, the fine print isn’t so plain or reassuring.

• Few workers know that wellness contractors are often unbound by the strict privacy law, known as the Health Insurance Portability and Accountability Act (HIPAA), that restricts doctors and hospitals.

• A review of privacy policies shows that many wellness vendors adopt policies allowing them to share identifiable data with unidentified “third parties” and “agents” working to improve employee health.

• The industry boom has drawn a widening network of fitness centers, websites, app publishers, wearable device makers and other affiliates working with wellness plans to collect employee health information — each with its own complicated privacy policy. That boosts chances data will be misused, privacy advocates say.

• Wellness companies and their contractors routinely share almost completely unregulated “de-identified” data showing group health results with employers, researchers and others. Scientists have shown such information can be “re-identified” and used for marketing, potential credit screening and other purposes.

Wellness vendor Audax Health, whose work with Houston resulted in “an overwhelming number of employees who were uncomfortable with the privacy statement,” according to a city statement to employees, said it keeps information strictly confidential. Audax’s online portal for employees is called Zensey.

“We do not sell or resell personal health information to anyone,” including marketing companies and data brokers, David Sclar, Audax’s chief privacy officer, said through a spokesman. “We do not allow third parties to market to Zensey users.”

But contradicts the second part of his statement, saying the vendor may direct marketing pitches from third parties to wellness members based on “attributes” it collects from those employees. Audax is majority-owned by insurer UnitedHealth Group.

Other big wellness vendors, including venture-capital backed Welltok, include similar language in their disclosures. Welltok might “target certain advertisements to your browser,” without identifying the user.

That permission “may be broader than needed,” said Welltok spokeswoman Erica Morgenstern. Welltok does not target ads at users and might change the language the next time it revises the disclosure, she said.

Welltok co-founder Jeff Cohen said the company doesn’t “use and sell and share the data from our platform about users to third parties.”

Primary wellness vendors such as Audax and Welltok aren’t the only ones collecting employee health data. Wearable device makers, test labs, gym chains, data centers, workout-app publishers are also part of the gold rush.

As frequent partners of employers and wellness providers, each of those companies also gathers worker information of varying sensitivity — often with employers pushing workers to participate — in what amounts to a widening wellness data web.

The most advanced employee wellness programs can even “ping your cell phone when you’re at the gym” to record your visit through a geo-location app, said Erick Hathorn, a consultant to wellness companies and contractors. “Or they can ping it 30 minutes later to know you stayed.”

Lose It!, one of the most popular diet apps for smartphones, works with employee wellness plans to track your calories and weight via a wireless scale.

The assures users of Apple products that information on their weight and eating habits won’t be used for “advertising or other use-based data mining purposes” except for health research. Results for non-Apple users, on the other hand, might be given to “advertisers and potential business partners” with the identities removed.

That’s a lower level of protection, even without identification, lawyers said.

Nobody at Boston-based Lose It! was available to answer questions about corporate wellness and privacy, a spokeswoman said.

“What are the vendors doing with the data they collect? They aren’t telling us,” said Ifeoma Ajunwa, who teaches health law at the University of the District of Columbia. “Are they selling it? I would be surprised if they’re not selling it, because it’s valuable.”

Two years ago Under Armour bought MapMyFitness, another app promoted for use in corporate-wellness programs, and turned it into an ad vehicle for its athletic apparel.

The app records workout routes, times and speeds and shares data with wellness vendors and Under Armour itself, . Users see ads for Under Armour gear and other products on their smartphones and computers.

Data from MapMyFitness and other apps bought by Under Armour “is going to be extraordinary,” company CEO Kevin Plank told industry analysts this year. “This will help us sell more shirts and shoes,” he has repeatedly said.

An Under Armour spokeswoman referred a reporter asking about data policies and wellness programs to MapMyFitness’ privacy statement.

More than 13 million Fitbits and other wearable health devices will be used in corporate wellness plans by 2018, . Data gathered by the Fitbit can include height, weight, heart rates and sleeping and exercise patterns.

“Now Fitbit has that information and the wellness program has it,” said Robert Gellman, a privacy consultant and former congressional staffer. “I don’t know of any best practices from wellness industry [to handle the data]. It’s the Wild West.”

Fitbit did not respond to several requests to discuss privacy. The company won’t “sell any data that could identify you” and shares information only when necessary to provide the service, when the data are anonymous or with user permission, its .

Employer wellness programs even follow you to the supermarket.

A firm assigns health grades to thousands of food products and lets grocers record member shopping. Stores report scores — but not specific purchases — to the wellness vendor, says NutriSavings. Members get rewards from their employer based on what they buy.

Wellness information isn’t just valuable for selling stuff. Privacy advocates especially worry that the results might be shared with data brokers who crunch information and sell it to banks and other financial firms.

“That’s where the data then moves into other parts of the economy — lending decisions, credit decisions, mortgage decisions,” said Scott Peppet, a law professor and privacy specialist at the University of Colorado. “Once these data are in the hands of a data broker, they can be blended into any kind of formula.”

Credit-card companies could raise rates for employees that wellness programs reveal to be couch potatoes, inferring that they are more likely to default. Life insurers could deny coverage or raise prices based on unhealthy wellness results. Insurer to life insurance customers who agree to wear a Fitbit, share data and attain certain scores.

No one knows whether data brokers are getting workplace wellness information. But despite what many employees believe, not all wellness information is protected by , which authorizes only doctors, insurance plans and others close to a patient’s care to see their medical data.

“People assume all their health information is covered by HIPAA and that’s just not true,” Gellman said. “Wellness programs are on the border. Some are and some aren’t. How can a mere mortal tell? A lot of information can escape into the great American marketing machine, which is desperate to get information on a person’s health.”

Wellness vendors are supposed to obey HIPAA restrictions if they’re . But it’s far from clear what that means.

The National Committee for Quality Assurance, a respected health care certification group, asks workplace wellness groups it accredits to observe HIPAA rules and require the same from third parties they work with.

But NCQA recognizes wellness vendors out of hundreds. Even a “HIPAA-compliant” program could induce workers to waive their rights without knowing it, consumer advocates said.

Nor does HIPAA protect the de-identified health information that wellness providers routinely share with employers and other, unidentified outside parties, according to their privacy policies. De-identified data might include blood pressure, cholesterol, drug use and disease history.

Researchers have shown that such information can be linked to the subject by combining it with voter lists, credit-card records and other databases. Harvard investigators used birthdays and zip codes in a de-identified genetics survey two years ago of the participants were.

Until recently, Audax’s policy stated that the company could use de-identified employee data “for any business purpose.” It removed that language after KHN inquired about privacy.

Fitbit and Limeade, a wellness provider in Bellevue, Wash., using their anonymized data from trying to re-identify the users.

But that policy — the kind and others — is unusual among wellness providers, KHN’s review shows.

“We haven’t really stepped into regulating this or decided if to regulate this,” said Peppet, who favors employer wellness efforts despite his concerns about confidentiality. “I’m expecting over the next couple of years we’ll probably see some problems.”

Julie Appleby contributed to this story.

Kaiser Health News is an editorially independent program of the .

Note: This story was updated to reflect Welltok’s most recent privacy policy.