What You Need to Know About Data Security and Wearable Devices in the Workplace

Now that wearables and smart technology devices are frequently used to incentivize and measure participation in workplace wellness programs, activity trackers have emerged as an important—and sometimes debated—link between employee and employer.

Concerns about personal data and activity trackers made the news (again) this week, with reports that U.S. soldiers may have inadvertently revealed the locations of remote military bases in Iraq, Afghanistan and Syria by publicly sharing their jogging routes via the Strava fitness app.

And during a series of meetings last year between Apple and Aetna, Aetna employees’ questions about the safety of the data on their employer-provided Apple Watches ended up dominating the discussion—and the news media’s coverage of that discussion. By way of background, Aetna partnered with Apple in 2016 to provide select large employers and individual customers with Apple Watches, as well as offering to reimburse all 50,000 of its own employees for the watches. Apple has stressed that health information is only shared with user consent, and Aetna is continuing to gather feedback from its employees about whether or not the watches have had an impact on their nutrition and exercise habits.

Of the Apple/Aetna meetings, CNBC reported, “One of the biggest concerns with companies like Apple and Fitbit collecting health information, like steps and heart rate, is that it could get into the wrong hands. These fears are amplified as technology companies strike deals with self-insured employers and health plans.”

So what are employers and health insurers doing with the data they collect from activity trackers? The large majority of those employers are doing nothing with it and are providing employees and/or their customers with wearable devices only to encourage health and wellness in hopes of increased productivity and engagement and decreased healthcare costs.

Though it’s now common across industries, the trend of doling out activity trackers to employees and customers was popularized by healthcare companies. Back in 2014, tech startup Oscar made headlines when it partnered with Misfit, a wearable device company, to link its customers’ biometric information straight to their health insurance, presenting Amazon gift cards to those who met their fitness goals.

Since 2016, UnitedHealthcare has awarded employees who meet fitness goals (as measured by their wearable devices) with monetary prizes and credits that can be applied to a health savings account or health reimbursement account. The company’s vice president of emerging products recently reported that its program, which it calls “Motion F.I.T.”, has yielded “very impressive” engagement and activity rates. And, as part of its Wellvolution program, Blue Shield of California leverages the Walkadoo app, which keeps track of activity and allows employee participants to earn awards such as Fitbits and Visa gift cards. It has since also invited some of its plan participants to engage with the app in exchange for awards. OptimaHealth, Cigna, Humana and other insurers additionally offer their members discounts and rewards tied to activity trackers.

Even as activity trackers have provided impetus for some corporate employees to prioritize their health, the practice of incentivizing with them has, in some ways, heightened the tension between personalized medicine and private information. Workplace wellness programs that are offered by group health plans to group health plan participants only are covered by Health Insurance Portability and Accountability Act (HIPAA) privacy and security rules, while wellness programs offered to all employees, however, are likely not covered by HIPAA.

Just last week we reported on a new ruling from a federal district court in Washington, D.C., in which the U.S. Equal Employment Opportunity Commission (EEOC) has been ordered to alter its rules on employer-sponsored wellness programs that financially penalize employees who refuse to provide personal medical and genetic information. As wearable healthcare technology grows more sophisticated, we suspect that the number of questions it raises will continue to grow, as will the opportunities it creates.