Blog Post

Data Privacy – What does My Wearable And Corporate Health Program Tell My Employer?

Posted on

Wearables, a trendy addition to the fitness scene, along with corporate health programs can provide valuable insights into your health — alerting you on aspects like the number of calories you’ve burnt and how well you’ve slept, to potential health risks you may face down the road.

Now imagine having all that information in the hands of your direct manager or employer. How comfortable (or uncomfortable) would that make you feel? It’s likely that you’d be concerned about the possibility of your health condition having an impact on how you’re assessed or viewed at work, regardless of your job performance.

But wait — does your employer actually have access to all of these information? What do they know, and what do they use the data gathered from wearables and corporate health programs for? Lets lift the lid and have a look at data privacy within wellness programs:

What’s being tracked?

  • Fitness trackers:

Most fitness trackers help you keep track of your activities, like the number of steps taken or floors climbed, along with the amount of calories burnt, sleep quality and heart rate.

  • Corporate health programs:

The majority of health programs include a health risk assessment and biometric screening, where participants receive a personal health report with targeted recommendations after the assessments are completed.

What data lands in the hands of your employer?

Personal health reports from health risk assessments and biometric screenings come packed with details about your health status and potential health risks that you face. It’s a lot of important information, so it’s no wonder that employees are concerned about data privacy and security. After all, few individuals would be keen on the notion of letting their employer have full access to their personal health information.

But do employers actually have access to this data? Well, they don’t — after a health risk assessment or biometric screening is completed, employees are the only ones who receive a personalised health report. What usually lands in the hands of your employer is an aggregate health report — one that contains a summary of the collective health risks within the organisation. All personal data is anonymised, and is not available on an individual basis.

Findings in the aggregate report show an organisation’s overall risk status, risk factors and productivity indicators, and the collective results may be filtered by business units or health metrics. Statistics, like “80 percent of your workforce don’t meet the daily required recommendations for fruits and vegetables” or “office workers complete just 25 – 30 percent of the recommended daily activity” are included to provide revealing insights into the health trends and practices within your organisation. In this sense each individual has total data privacy.

So what’s the data used for?

Aggregate data is used for the following:

  • Productivity improvement:

Targeted recommendations can be made once employers gain insights on the current health practices of their employees and how it affects their productivity levels.

Let’s take the example of two sales divisions. An organisation receives aggregate results reporting a significant difference between the performance of the two teams when the more productive team clocks an additional hour of sleep each night compared to the other. With this information at hand, the employer can be confident that offering a sleep improvement program will be a well-targeted solution for improved productivity.

  • Engagement:

Insights from the aggregate report act as a compass that points employers in the right direction. By learning about what motivates their staff, employers are placed in a more knowledgeable position to implement initiatives that truly connect with and meaningfully engages their employees.

  • Risk mitigation:

Through the aggregate health report, employers gain a clear perspective of the health status of their group of employees. This knowledge allows employers to offer supportive solutions to get the most out of the health management process as they’re able to zoom in on specific problem areas of their staff groups rather than making a best guess. There’s no point in offering an activity program if your employees are already active enough.

This data intelligence provides efficiency so that any initiatives offered to the staff are going to offer maximum health benefits and avoid time-wasters.

But there are rising data privacy and security concerns…

With the rising popularity and usage of wearables, it’s inevitable that new data security concerns emerge. While the collection of personal health information via corporate wellness programs isn’t something new, the data tracked using wearable devices are more personal. A broader range of information can be collected, and when analysed, may reveal quite a lot about an individual’s health status.

Few people understand the amount or type of information collected, as well as significance of sharing this information, which adds on to the risk of data privacy and security — particularly when data is transmitted to the cloud and health program provider.

What can employers do to ensure the data privacy of their employees?

But all hope is not lost. There are guidelines that employers can follow to help achieve data privacy and keep their employees’ information safe and secure:

  1. Provide notification to employees that specifies the following:
  • The type of health data that will be collected, analysed and disclosed
  • The purpose that the data will be used for
  • If wearables are included as part of the program, the notice should inform employees that activities out of their work hours may be tracked and collected.

2. Establish contractual agreements with health providers. These agreements should specify the following:

  • The third party provider is responsible for implementing measures to protect personal data from unauthorised or unlawful access
  • All information collected should only be used for providing services to the organisation
  • Information used should be anonymised and aggregated

3. Enforce internal policies:

Employers need to implement policies that prevent decision makers and managers from having access to health data collected, as well as to prevent personal data from being solicited.

4. Outsource:

Consideration should be given to outsourcing the administrative processes relating to the corporate wellness programs. Third party providers maintain arms length relationships to any other HR information and processes and may offer employees another layer of confidence.

5. Conduct background checks:

Run reference checks on health providers to ensure that they hold a positive track record.

6. Perform security audits:

Seek documentation from health providers about security protocols on a regular basis.

7. Tap on technology:

Apply enhanced security and privacy protocols like data encryption, SSL security, permission controlled access and password protection to keep health records secure and private.

To sum it up:

For employees…

  • Data is obtained and tracked through fitness trackers and corporate health programs.
  • Employers don’t receive personalised information. All data is anonymised, and made available in an aggregate health report.
  • Employers use these data to improve engagement and productivity levels, as well as for risk mitigation.

For employers…

  • Be aware of rising data security risks and concerns.
  • Take steps to keep your employees’ health data secure and by using methods like enforcing internal policies, outsourcing health data administrative matters to third party vendors, performing security audits, conducting reference checks on health providers and tapping on technology to maximise data privacy and security.

wellteq is a connected wellness platform that offers a series of health tech programs for employee engagement and HR data analytics. Through the use of technology, they are re-connecting people with health and organisations with stronger productivity.