Federal regulators are weighing reforms to widespread workplace wellness programs that could affect how personal data from consumer-grade fitness bands and smartwatches is kept confidential.
The U.S. Equal Employment Opportunity Commission (EEOC) issued a proposed rule that would amend regulations in Title 1 of the Americans with Disabilities Act (ADA) of 1990 as it relates to employer wellness programs used by as many as 580,000 U.S. companies. Public comments are being accepted online through today.
The proposed rule and supporting documentation, while lengthy, don't directly refer to worker data obtained from fitness bands like the Fitbit or smartwatches like the Moto 360 or Apple Watch. Still, the data gathered as part of a company-sponsored fitness program could fall under the proposed rule, depending on whether it is deemed "medical information," according to an EEOC spokesman.
"If the information the employer is obtaining is considered 'medical information' (e.g., a person's heart rate over a period of time), then the information would be subject to the ADA's confidentiality requirements regardless of how the employer obtains this information," said EEOC spokesman James Ryan in an email. "By contrast, information that would not be deemed medical information (e.g., how many steps a person takes per day, number of active minutes or calories burned) is not subject to the ADA's restrictions on disclosure."
It isn't clear how often companies gather such medical information from employees who participate in wellness programs and wear fitness devices that transmit data to seemingly confidential databases. However, recording a person's heart rate over a workout or several workouts is a feature of many new smartwatches and fitness apps.
At data management company Iron Mountain, 1,600 workers use a variety of consumer-grade wearables to collect data, such as steps walked over a year, that is used in a company wellness program called LiveWell. There's been a concerted effort to keep employees' fitness data confidential and out of company hands. The data is stored in the database of a third-party wellness software company called Limeade, said Scott Kirschner, director of benefits strategy at Iron Mountain.
The fitness wearables used at Iron Mountain are "in the early stages and they are offering an indicator of fitness levels, but still they are not taking biometric markers," Kirschner said in an interview. "They are not being used to tell somebody they have symptoms like asthma or diabetes, and those things fall into protected health information under HIPAA," also known as the federal Health Insurance Portability and Accountability Act of 1996.
EEOC rule could mean the end of Iron Mountain's wellness plan
In public online comments, Kirschner objected to the EEOC's proposed rule, saying if the proposed regulation is made permanent, "our recourse would probably be to eliminate this [wellness] plan or dramatically increase employee cost-sharing for it..."