How Legal Is Your Employee-Wellness Program?

The Equal Employment Opportunity Commission (EEOC) has recently issued much anticipated guidance on wellness programs and how an employer’s obligations under the Americans with Disabilities Act (ADA) interact with its rights and obligations under the Health Insurance Portability and Accountability Act (HIPAA) (as amended by the Affordable Care Act).  The EEOC issued a proposed rule on April 20.

What problem is the EEOC trying to resolve?

There is a conflict between the ADA rules on employer “medical inquiries,” on the one hand, and the “wellness program” provisions of the HIPAA/ACA, on the other.

Title I of the ADA (the part of the ADA that applies to private sector employers) generally prohibits employers from making “medical inquiries” of current employees unless the inquiries are “job-related and consistent with business necessity.” The general rule is that employers are not supposed to be asking for medical information from current employees.

There are some limited exceptions to this rule, including an exception for medical inquiries made in connection with a “voluntary wellness program.”  Many employers offer specific rewards or penalties to employees based on whether they participated in these wellness programs and even on whether they achieved certain “results.”

The EEOC's proposed rule says that a wellness program can still be “voluntary” for ADA purposes if the program provides “incentives” for employees (both rewards and penalties), as long as the employer complies with the wellness incentive requirements of the HIPAA/Affordable Care Act.

The proposed rule describes certain employer “best practices,” as follows:

• Employers should ensure that employees who handle medical information know their obligations under the laws.
• Employers should adopt privacy policies for collection and handling of employee medical information, assuming that they have not already done so.
• If medical information is stored electronically, it should be encrypted and other security measures implemented such as password protection and firewalls.
• If possible, employees who handle medical information should not be “making decisions related to employment, such as hiring, termination, or discipline.” If this is not possible, then the employer should ensure that there is no discrimination based on an employee’s disability.
• Breaches of confidentiality should be promptly and effectively addressed, and the affected employees should be informed immediately.
• Employers should take appropriate action against an employee who breaches confidentiality, and should “consider discontinuing” their relationships with vendors who breach confidentiality.

PRACTICE TIP:  Take a conservative approach in light of the uncertain legal landscape. A wellness plan is generally considered legal if it creates incentives instead of penalizing, but again the details of this have yet to be completely ironed out.  A wellness program has to comply with the ADA and thus refrain from requiring employees to meet specific health standards. Otherwise, it could be considered discriminatory.   Provide reasonable alternatives to achieve incentives and provide adequate notice of those alternatives.