Main Menu

Employment Privacy Blog

News, commentary, and legal updates from attorneys in the Data Security and Workplace Privacy Practice Group at Fisher Phillips.
Big Data and Employee Health Care

The average American worker has nearly a library worth of data existing digitally. What if employers could use such information to lower the cost of employee health care? A growing number of businesses are asking that very question and have begun using employee data to identify health risks in their workforce.

In trying to stem the rising cost of health care companies like Wal-Mart are using “health care analytics companies,” otherwise known as wellness firms to collect and analyze employee health information. The data collected includes seemingly obvious measures such as visits to the gym and medical claims. Wellness firms do not stop there however and also collect seemingly unrelated data points, such as voting habits (participation in mid-terms indicates an active community life) and credit scores (correlated with a lower likelihood to fill prescriptions). In doing so, it is hoped that employers will have greater insight into their employees’ health. In doing so, they may even be able to predict health risks and point participants towards medical providers and services such as recommending testing for diabetes or heart disease before symptoms arise.

As employers become more involved in employee wellness, privacy advocates worry that management may obtain private health information and use it to make workplace decisions, running afoul of Federal and State privacy laws such as HIPAA and GINA. To manage these risks, employers grant wellness firms the right to collect information from insurers and other health companies that work with the employer. Critically, employees must grant permission to share such information. An extra layer of security is also provided by the fact that wellness firms only provide the aggregated data on groups of forty or more employees, making it difficult to identify individuals.

Privacy advocates worry that such safeguards may not be enough without additional rules and protections in place however. HIPAA, for example, does not typically apply to insurance claims or internet search queries (think of all those WebMD self-diagnoses made when you have that persistent headache). One particular example of such data gathering leading to questions of privacy occurred 2012 when Target used data analytics to identify which of its customers were pregnant. What might happen then if, for instance, an employer had anticipated that 20% of its employees participating in data gathering were at risk for heart disease, but learned the figure is closer to 30%? Privacy advocates worry that such a revelation may lead an employer to make an effort (conscious or otherwise) to take adverse action against employees above a certain BMI?

While it remains to be seen how far employee data gathering will go in the coming years, it is likely that improved health outcomes, and lower health costs will make it a growing trend. These potential rewards will likely need to be balanced against privacy concerns, requiring input from actors in the tech, medical, and legal communities.

Recent Posts

Category List


Back to Page