This week the Equal Employment Opportunity Commission (EEOC) filed a lawsuit to stop biometric screening that is part of a wellness program at Honeywell. At the heart of this case is privacy in the workplace. Can employees refuse to provide medical information requested by the employer’s health plan without facing financial penalties? The privacy community should be watching closely.

The facts of the case are as follows. Honeywell instituted a wellness program that includes biometric screening, i.e., physical measurement of the body, a blood draw, and a drug test for nicotine or its metabolites. The purpose of the screening is to identify health-related risks, such as high blood pressure or blood cholesterol, overweight, diabetes or smoking. Honeywell’s program does not require employees to meet any health-related targets. Employees are simply asked to participate in the screening, and are offered a substantial financial incentive to do so. Whether the incentive is presented as a reward for participation or punishment for refusing to participate, it amounts to $4,000 per year. At stake is $1,500 employer contribution to the employee’s Health Savings Account (HSA), $500 health plan surcharge, and $1,000 “tobacco surcharge” per person for the employee and his spouse covered under his plan.

Because the program is not tied to any health-related targets or improvement in individual health, its primary goal is to collect health information from employees. The information can be used in a variety of ways. The individual can use it to improve his or her health or seek care from a physician. The employer’s health plan or another company acting on its behalf can use the data to understand the health risks of a company’s employee population and to prioritize wellness offerings. The data can also be combined with other data, such as claims and attendance data, to forecast the company’s health and disability costs. Health plans can also use the data in the future to set health-related targets for employees, as permitted under both Health Insurance Portability and Accountability Act (HIPAA) and the Patient Protection and Affordable Care Act (ACA).

The fact that the Honeywell program is not tied to any health-related targets makes individual privacy the central issue in the employee’s refusal to participate. The employee who refuses to provide data is treated as if he presents a higher risk than an employee who agrees, even if, in fact, their health status is exactly the same. In addition to the $2,000 incentive tied directly to providing biometric screening data, the employee and his spouse who refuse to participate are also charged a “tobacco surcharge,” as would employees who failed the nicotine-related drug test.

Both the Americans with Disabilities Act (ADA) and the associated EEOC guidance permit voluntary wellness programs and associated voluntary medical exams. However, to date, the EEOC has not issued an opinion on how incentive payments affect the voluntary nature of wellness medical exams. After all, financial incentives are permissible under the ACA and were permissible under earlier law. Additionally, if employers provide health insurance, its price must meet the ACA’s definition of affordability, and IRS regulations state that affordability calculation cannot assume that individuals will earn wellness incentives.

In its latest case the EEOC argues that Honeywell’s program violates the ADA because it subjects participants to a non-voluntary medical exam unrelated to the individual’s job and is not consistent with business necessity. In effect, the EEOC is asking the courts to define what makes a wellness program voluntary within the meaning of the ADA. This is an awkward way of coming up with regulations. It is also an unfortunate way of creating privacy rules for the workplace.

This week the Equal Employment Opportunity Commission (EEOC) filed a lawsuit to stop biometric screening that is part of a wellness program at Honeywell. At the heart of this case is privacy in the workplace. Can employees refuse to provide medical information requested by the employer’s health plan without facing financial penalties? The privacy community should be watching closely.

The facts of the case are as follows. Honeywell instituted a wellness program that includes biometric screening, i.e., physical measurement of the body, a blood draw, and a drug test for nicotine or its metabolites. The purpose of the screening is to identify health-related risks, such as high blood pressure or blood cholesterol, overweight, diabetes or smoking. Honeywell’s program does not require employees to meet any health-related targets. Employees are simply asked to participate in the screening, and are offered a substantial financial incentive to do so. Whether the incentive is presented as a reward for participation or punishment for refusing to participate, it amounts to $4,000 per year. At stake is $1,500 employer contribution to the employee’s Health Savings Account (HSA), $500 health plan surcharge, and $1,000 “tobacco surcharge” per person for the employee and his spouse covered under his plan.

Because the program is not tied to any health-related targets or improvement in individual health, its primary goal is to collect health information from employees. The information can be used in a variety of ways. The individual can use it to improve his or her health or seek care from a physician. The employer’s health plan or another company acting on its behalf can use the data to understand the health risks of a company’s employee population and to prioritize wellness offerings. The data can also be combined with other data, such as claims and attendance data, to forecast the company’s health and disability costs. Health plans can also use the data in the future to set health-related targets for employees, as permitted under both Health Insurance Portability and Accountability Act (HIPAA) and the Patient Protection and Affordable Care Act (ACA).

The fact that the Honeywell program is not tied to any health-related targets makes individual privacy the central issue in the employee’s refusal to participate. The employee who refuses to provide data is treated as if he presents a higher risk than an employee who agrees, even if, in fact, their health status is exactly the same. In addition to the $2,000 incentive tied directly to providing biometric screening data, the employee and his spouse who refuse to participate are also charged a “tobacco surcharge,” as would employees who failed the nicotine-related drug test.

Both the Americans with Disabilities Act (ADA) and the associated EEOC guidance permit voluntary wellness programs and associated voluntary medical exams. However, to date, the EEOC has not issued an opinion on how incentive payments affect the voluntary nature of wellness medical exams. After all, financial incentives are permissible under the ACA and were permissible under earlier law. Additionally, if employers provide health insurance, its price must meet the ACA’s definition of affordability, and IRS regulations state that affordability calculation cannot assume that individuals will earn wellness incentives.

In its latest case the EEOC argues that Honeywell’s program violates the ADA because it subjects participants to a non-voluntary medical exam unrelated to the individual’s job and is not consistent with business necessity. In effect, the EEOC is asking the courts to define what makes a wellness program voluntary within the meaning of the ADA. This is an awkward way of coming up with regulations. It is also an unfortunate way of creating privacy rules for the workplace.

Originally published on LinkedIn on October 31, 2014