THCB

What If Your Employer Gets Access to Your Medical Records?

T was never a star service tech at the auto dealership where he worked for more than a decade. If you lined up all the techs, he wouldn’t stand out: medium height, late-middle age, pudgy, he was as middle-of-the-pack as a guy could get.

He was exactly the type of employee that his employer’s wellness vendor said was their ideal customer. They could fix him.

A genial sort, T thought nothing of sitting with a “health coach” to have his blood pressure and blood taken, get weighed, and then use the coach’s notebook computer to answer, for the first time in his life, a health risk appraisal.

He found many of the questions oddly personal: how much did he drink, how often did he have (unprotected) sex, did he use sleeping pills or pain relievers, was he depressed, did he have many friends, did he drive faster than the speed limit? But, not wanting to rock the boat, and anxious to the $100/month bonus that came with being in the wellness program, he coughed up this personal information.

The feedback T got, in the form of a letter sent to both his home and his company mailbox, was that he should lose weight, lower his cholesterol and blood pressure, and keep an eye on his blood sugar. Then, came the perfect storm that T never saw developing.

His dealership started cutting employees a month later. In the blink of an eye, a decade of service ended with a “thanks, it’s been nice to know you” letter and a few months of severance.

T found the timing of dismissal to be strangely coincidental with the incentivized disclosure of his health information.

An HHS investigation months later showed that T’s employer got access to health data it had no right to see and the service manager, with a wink and a nod from the dealership’s finance office, fingered T as expendable. It was a nice bonus — literally — that T departure lowered the dealership’s medical costs both immediately and over the long term, which is what every wellness vendor promises.

This data breach story is fictional. But, it’s coming. In fact, it has likely already happened but the employee doesn’t know it and the employer isn’t about to admit it. The lack of personal data security in Americans’ lives goes much farther than what the government might know about who you call or email.

Companies trade and sell huge databases of supposedly de-identified information and that’s on top of plain old stealing of insurance records.

Identify theft in medical settings is long-time problem that health reform has not remedied. Hackers see hospitals as a rich trove of useful personal data, and they attack in no small part because hospital leaders are so clueless about exposure. Even state governments are unfortunately all too willing to sell what isn’t really theirs.

The exemplar for health privacy foolishness, however, is undoubtedly AOL’s Tim Armstrong and his disclosure about the babies of two employees and how much money their care cost AOL. We are quite sure that the Fei family did not ask for his broadcasting of their travails. To this volatile mix, employers have welcomed wellness vendors, who are proving all too quickly that people in industries built on deception will eventually do what you expect them to do, like leave data-laden flash drives laying around.

It is only a few small steps from foolish and inappropriate to potential civil and criminal liability, and enthusiastically adding wellness vendors to our health privacy turmoil was liking drilling new holes in a block of swiss cheese.

Employees should ask employers about wellness program particulars: who stores the data, how is it stored and where, who has access to it, can the vendor package and sell it, what will the employer do when the data is breached and how will the vendor be held accountable? In most cases, your employer will not know the answers and even express shock that you had the gall to ask.

To get at the crux of the wellness dilemma, first, refuse to join the program.  (You can get a medical excuse from your physician.)  Then, ask your employer why your company’s wellness strategy relies upon such intrusiveness.

Wouldn’t it be easier, cheaper, and more effective to help people do things joyfully and build cohesion on the team, like creating exercise opportunities, serving better food, and helping people manage work stress while maintaining the integrity of their personal space?

With all the stress inherent in the lives of employees today, how is it ‘wellness’ when you give people more to worry about?

Vik Khanna is Wellness Editor-At-Large for THCB, writes the KhannaOnHealthBlog, and is co-author with Al Lewis, of Surviving Workplace Wellness With Your Dignity, Finances and Major Organs Intact, the inaugural e-book of THCB Press.

Livongo’s Post Ad Banner 728*90

22
Leave a Reply

9 Comment threads
13 Thread replies
0 Followers
 
Most reacted comment
Hottest comment thread
11 Comment authors
JohnWilliam McPeckDeborah LafkyAurthurAllan Recent comment authors
newest oldest most voted
John
Guest
John

This is so true. I managed a small (45 ee) company and two of the ee’s had high medical costs. It was known who they were, and there conditions were chronic and ongoing. The owner was thinking hard about getting rid of them to help control medical costs-though he would not state it as such.

It happens.

William McPeck
Guest
William McPeck

Thanks for raising the data security and use issue Vik. It is not one getting a lot of attention and discussion within the worksite wellness field. The questions you propose are certainly ones I will be including in any future RFPs and contracts I am involved in.

Deborah Lafky
Guest
Deborah Lafky

Yes, we have EEOC and we have an OCR in the DoJ. You may have noticed we also have an OCR in HHS and its job is to enforce HIPAA and other relevant health care laws. Clearly, not everyone obeys the law. But the fact is, the laws exist and are being enforced much more now than they had been. If employers don’t care if they court the fines, then they will do the wrong thing. That’s not news, it’s mundane reality. I suppose it’s totally implausible that an employer would have a vested interest in promoting health in the… Read more »

Vik Khanna
Guest

Giving people time and support for exercise, better food at lower prices, sabbaticals, fewer demands to be perpetually connected…all good wellness initiatives that cost little, are completely voluntary, and may or may not reduce medical care spending, but improve morale. Making people answer HRAs, have biometrics taken and interpreted by idiots, and go get preventive medical care that actually prevents little and facilitates false positive diagnoses…stupid, costly, and damaging to morale. We’re all for the former. The only people all in for the latter are people who make money off the programs and then have data that will one day… Read more »

Deborah Lafky
Guest
Deborah Lafky

Now wait just a minute. You set us up with a fictional scenario, tell us that there is NO evidence that it has yet happened, and then deliver the big scare: BUT IT COULD! This is irresponsible. If any employer is not aware that breaking into employee health data is illegal, then they have been hiding under a rock for 15 years. If they were to break into the data, they would be the subject of a HIPAA complaint and stand to lose way more money in a fine than they would save by terminating unhealthy employees. There are real… Read more »

Vik Khanna
Guest

Yes, and people once said the same thing about employers dismissing people for race or gender after the passage of civil rights laws. Won’t happen because everyone will obey the law and no one will want to be on the government’s hit parade. Happens all the time, which is why there is an EEOC and an OCR in the Justice Department. And perhaps you did not read through to the end of the article, which shows quite clearly, that the environment is ripe for theft of medical records and for idiocy by corporate leaders in the use of that information.… Read more »

Allan
Guest
Allan

AlVic, according to Nancy Pelosi T’s situation has improved. Without the job tying him down he will be able to pursue other avenues and fulfill his dreams. [Sarcasm alert]

Vik Khanna
Guest

Yes, and the new employer, too, will have a wellness program, so T can go ahead and prepare to get stiffed again. His only solution, according to her highness, is to open his own shop, buy insurance in the individual marketplace, and employ no one. Force entrepreneurship.

Allan
Guest
Allan

The alternative is for the employee to collect unemployment insurance. After all her highness Pelosi queen of the twits says; ” unemployment benefits remain one of the best ways to grow the economy”.

Vik Khanna
Guest

Touche. And that’s one of her more sagacious comments.

Peter1
Guest
Peter1

“Pelosi queen of the twits says; ” unemployment benefits remain one of the best ways to grow the economy”.”

The Fed thinks that the best way is to give free money to the banks – the ones that got us here.

Barry Carol
Guest
Barry Carol

Health insurance probably wouldn’t come through the employer either if it weren’t for the tax preference. We should get rid of that as part of broad based revenue neutral tax reform.

Vik Khanna
Guest

Clearly reasoned health reform would have certainly made that a high priority. But, that would have required actual thought and potentially risky leadership.

Peter1
Guest
Peter1

All the more reason for disconnecting health care from the employer.

Bobby Gladd
Guest

Copy that.

Vik Khanna
Guest

Absolutely agree. Not one of the other forms of insurance in our household comes through an employer: homeowners, professional liability, LTC.

MD as HELL
Guest
MD as HELL

Ditto that.

Aurthur
Guest
Aurthur

One way of looking at this issue is whether one prefers the employer to be the one looking out for their employee’s best interest in being insured or if you prefer the government to be the one looking out for the individual. I believe if you leave it up to the individual, you will have even more uninsured with or without any mandate, subsidy, or tax break. There are substantial segments of the population that will not spend any of their own money or effort to protect themselves and the tax payers from the costs of providing them with healthcare.… Read more »

Peter1
Guest
Peter1

“We see there are millions of individuals too lazy to bother signing up for Medicaid even though they have been eligible for years.” Agree the Medicaid population might not be the most motivated in life but other hurdles exist: “Some of them may have their priorities wrong, but many don’t. The real problem is that state governments are trying to save money by keeping eligible people off the insurance rolls. In 2007, Health Affairs reported that fully one-third of all eligible but uninsured children had been booted out of Medicaid or SCHIP for no good reason, after being enrolled in… Read more »

Bobby Gladd
Guest

“Wouldn’t it be easier, cheaper, and more effective to help people do things joyfully and build cohesion on the team, like creating exercise opportunities, serving better food, and helping people manage work stress while maintaining the integrity of their personal space?

With all the stress inherent in the lives of employees today, how is it ‘wellness’ when you give people more to worry about?”
__

Exactly. That was my one lament as I reviewed and critiqued your fine book on my REC Blog recently. I’ll have to update that post with a citation and link to this.

You guys gonna be at HIMSS14?

Bobby Gladd
Guest

BTW, I have long experience studying and writing about the upshot in trafficking in others’ private data. See my 2008 post

Privacy and the 4th Amendment amid the “War on Terror”

http://bgladd.blogspot.com/2008/07/privacy-and-4th-amendment-amid-war-on.html

Probably gonna have to re-visit that with the latest stuff — NSA, social media modeling ans peddling of your information, etc.

Perry
Guest
Perry

Big Brother strikes again. “1984” doesn’t look so unlikely now does it?