Expert urges regulators to restrict how companies can access and use employee health data.
What if your boss used your heart rate to infer your stress level and decided not to promote you?
According to a recent article by Bentley University professor Elizabeth A. Brown, your boss should be punished for breaking the law. But there are no current regulations preventing employers from using health data in this way. Brown argues that employees need more legal protections, especially with employers increasingly collecting biometric information, such as DNA, fingerprints, eye scans and facial images.
One of the ways that employers collect this biometric information is through the use of wearable devices, such as smart watches and fitness trackers, which are often part of employers’ workplace wellness programs. Brown explains that workplace wellness is now an $ 8 billion industry in which employers can encourage workers to quit smoking, exercise more, or meditate. As more and more employers offer workplace wellness programs to their employees, they can also collect more biometric information through wearable devices and related apps.
Employers can collect employee data to provide more guidance and resources to workers who are under more stress. They may also believe that healthy workers are more productive and will have lower health insurance costs in the long run.
The collection of biometric data, however, can come at the cost of poor measurement of workers due to inaccurate data. After all, wearables can go wrong.
Additionally, third-party data collectors use algorithms to create “risk scores” based on biometric data that claim to predict likely diseases and behaviors for a given individual, which may not be reliable. While acknowledging that healthcare providers can use predictive risk scores to assess possible treatments for their patients, Brown stresses that companies generating these scores must explain their algorithms or demonstrate that they are not biased.
Employees who use apps that track reproductive health are particularly vulnerable, according to Brown, as employers could gain access to data on fitness bracelets, smart watches, and apps that track fertility, predict ovulation, and monitor fertility. fetus. This monitoring could lead employers to discriminate on the basis of sex, pregnancy or expected pregnancy. Although the United States has anti-discrimination laws, such as the Civil Rights Act of 1964 and the Pregnancy Discrimination Act of 1978, these laws do not protect against the misuse of health data.
The availability of biometric and health tracking data increases the potential for employers to trust them to make unfavorable employment decisions. Brown cites a study that found that most global business leaders are not “very confident” in their ability to responsibly collect and analyze data when it comes to their employees.
Despite employers’ self-reported lack of confidence in handling employee health data responsibly, Brown predicts that employees will not object to employers collecting their data as biometric and health tracking is ubiquitous in the United States . Apple phones use facial recognition to unlock, and one in two American adults is already in a law enforcement facial recognition database.
Employee perceptions of the usefulness of the data suggest that employees may not be resistant to employers who use the data in worker reviews. Brown cites a survey showing that nearly 80% of workers would like to receive data-driven feedback to optimize their time, and 82% of workers polled agreed that “compensation, promotion and evaluation decisions” based on data would be less biased and more precise.
Employee desire for confidentiality has increased, however, when considering the use of health data by employers. Brown cites a study showing that 93 percent of workers surveyed wanted to keep their smoking habits private from employers, and 81 percent wanted to keep their alcohol consumption out of employment decisions.
Additionally, Brown raises the issue of the power imbalance between employers and employees. If employers penalize workers who refuse to allow access to their health data through workplace wellness programs, then workers may effectively not have a choice to participate in wellness programs. or protect the confidentiality of their biometric data.
Brown argues that as companies deploy increasingly sophisticated methods of collecting biometric and health data, regulators should balance the value of data collection with the potential drawbacks of using that data to take unfavorable employment decisions. For example, employers bear the cost of health insurance, so employers facing downsizing may choose to lay off employees they find costly to insure, whether or not these forecasts are accurate.
Brown points out that the Health Insurance Portability and Accountability Act (HIPAA) does not protect employees of third-party companies that collect data as part of workplace wellness programs. Health-related apps can sell user health information without violating HIPAA because HIPAA only covers healthcare providers.
In light of inadequate legal protection, Brown advocates the need for clear guidelines on how businesses can use biometric and health data.
Brown suggests strengthening existing health privacy protections to cover biometric and health data. The researchers proposed amending the HIPAA law to regulate biometric surveillance devices, including wearable technologies within the definition of âregulated medical deviceâ rather than considering them as âconsumer electronic devicesâ. Brown also suggests expanding HIPAA’s definition of âpersonally identifiableâ to include all health data, as well as its definition of âbusiness associatesâ to include clothing manufacturers.
Brown also suggests amending the Affordable Care Act to clarify that neither employers nor their business partners can collect biometric and health-related data as part of voluntary workplace wellness programs.
In light of the expanding wearable tech market and the potential for employers to misuse sensitive data, Brown is urging lawmakers to protect the biometric data and the employees at stake.