Apple Watches and Fitbits are fast becoming tools in the workplace. Employers view these devices as a way to measure productivity and safety, while insurers can use them to track workers’ health indicators and habits.
In fact, some companies are already encouraging employees to wear fitness trackers as part of optional corporate wellness programs. Employees can share their step counts or hours of sleep with their employer or health insurer, usually enabling the employer to get preferential terms on employee insurance. According to Kelly Fenol, head of operation at an Indianapolis-based company that designs and runs wellness programs, anywhere between 40% and 50% of employers that have a wellness program use trackers. Fenol says the tracking plans are strictly optional, and that employers are generally careful to keep their hands off the data, often by hiring a third-party provider to maintain it and only receiving anonymous data themselves.
However, collecting data on employees’ health and their physical movement can ignite a plethora of potential ethical and legal headaches for employers, including when data can be used and disclosed, and what security safeguards should be in place. At the federal level, compliance with the Health Insurance Portability and Accountability Act (HIPAA), the Americans with Disabilities Act (ADA), and the Genetic Information Nondiscrimination Act (GINA) should be on every employer’s list.
It’s important that employers that mandate wearables provide a policy stating the job-related reason for collecting the data and the limits on its use. For example, one attorney interviewed in an article by the Wall Street Journal explained that “as employers turn to productivity data to justify raises, promotions and firings, such data likely will become key in employer-employee litigation. If less active employees are being penalized, employees might bring a claim that the company is discriminating against less healthy employees or those with a disability.” In fact, claims under the ADA might be the greatest risk for employers who collect activity data.
HIPAA, too, may apply to wearables and their collection of health-related data when related to the operation of a group health plan. Employers will need to consider the implications of this popular set of privacy and security standards, including whether changes are needed in the plan’s Notice of Privacy Practices, whether business associate agreements are needed with certain vendors, and whether the plan’s risk assessment and policies and procedures adequately address the security of personal health information (PHI) in connection with these devices.
Moreover, wellness programs increasingly seek to incentivize the household, or at least employees and their spouses. Collecting data from wearables of both employee and spouse may raise issues under GINA, which prohibits employers from providing incentives to obtain genetic information from employees. Genetic information includes the manifestation of disease in family members (spouses are considered family members under GINA).
It’s prudent for employers to look at all the technologies and devices being used by their employees – both officially and unofficially – and review their policies and procedures to ensure that they are in compliance and that legal risks are mitigated as much as possible. Also, be sure that a company’s Employment Practices Liability Insurance (EPLI) policy is reviewed to confirm it will respond in the event of a workplace-related lawsuit such as discrimination. Caitlin Morgan specializes in EPLI and would be happy to discuss our program options with you. Just give us a call at 877.226.1027.