First do no harm – with my health data

CC-BY SA 2.0 by

There are lots of circumstances under which your employer can legally get access to your personal health information. Just a few examples:

  • You file for a disability accommodation, a worker’s compensation claim or medical leave.
  • You use a company computer to browse for information about prenatal care.
  • You participate in a company wellness fair where your weight, blood pressure and body fat are measured.

You have to trust your employer not to use that information in ways that are harmful to you. Do you? Would you even necessarily know if they did?

The Wall Street Journal recently reported that some companies, like the steadily nefarious Walmart, are hiring outside “employee wellness firms” to mine employee data. The information they collect ranges from what employees buy and where to what prescriptions they’re getting filled—in theory, in order to identify employees with certain health conditions and make predictive suggestions to help manage their healthcare.1

Employers might use wellness program data to negotiate health insurance discounts (one of my past employers did). They might sell or inadvertently release your data to advertisers, too (that’s in addition to all the data you’re already giving away – more about that in a future post).

Wellness data is already escaping into what one expert calls “the great American marketing machine” that pitches products according to your diseases and lifestyles, privacy scholars say.2

Employers can also use health-related information to discriminate against you. For example, there’s already plenty of evidence of discrimination against overweight and obese people in the workplace7. But to add insult to injury, an employer might also discriminate against overweight individuals on the basis of health costs – thinking that it would save the company some health insurance and sick day costs to have fewer overweight people on staff, or that extra weight means extra health insurance and sick days costs which the company consciously or unconsciously compensates for by paying overweight people less salary.

As an employee, your legal protections against this kind of discrimination are spotty. There are laws meant to keep our employers specifically from using our health information to discriminate against us in hiring and from mishandling any of our electronically transmitted health information: the Genetic Information Nondiscrimination Act of 2008, Americans with Disabilities Act, Health Information Portability and Accountability Act. But federal law provides no protection against weight-based discrimination in the workplace (unless you are morbidly obese, in which case you can seek protection under the ADA), and all bets are off at small companies (less than 15 employees, according to the ADA). And much of the health data companies can collect about you isn’t subject to HIPAA at all.

Make no mistake; care for your well-being may not be the only or primary reason for an employer to sponsor a wellness program. They’re probably doing it because they think it’ll make the company more profitable. They may even show your health data to shareholders to encourage shareholders to keep or buy stock in the company.

Assume for a minute that the study showing that companies with wellness programs outperform the stock market is correct. That would mean portfolio managers would drive up the prices of companies with a low percentage of overweight employees. What then happens to the employment prospects of overweight workers? Why wouldn’t a company try to shed as many overweight employees as possible and hire fewer new ones in order to maximize shareholder value?6

If you’re feeling violated already, I don’t have to do much to convince you of the right-to-privacy issues with this development.

It shouldn’t be surprising that companies would invest in data-driven measures to reduce healthcare costs. All the incentives point in that direction. The U.S. has close to the highest per capita healthcare costs in the world and a strange system of employer-based healthcare3,4. A company that’s shouldering a major portion of your inflated healthcare costs would naturally look for ways to economize.

Besides sheer violations of privacy, there’s at least one more reason why we Americans should be uncomfortable with our employers mining our data to shape our health: employment and healthcare are already far too closely intertwined4. How many people leave a job, take a job or stay in a job largely because of the health insurance coverage it does or doesn’t provide? Access to healthcare doesn’t have to factor into employment decisions, and in most developed countries it doesn’t nearly to the degree that it does in the U.S.

I doubt this kind of thing is happening as much in developed countries with single-payer healthcare, or in countries that don’t bundle health insurance with employment.

You could see this as a reasonably pragmatic measure on the part of the employer. Everybody’s doing it; Google and Facebook, for example, make massive amounts of money off their ability to collect our personal and aggregate data and use it to customize our online experiences. That is to say, they’re selling wildly successful products like AdWords and Facebook Ads that are effective precisely because these companies can use all the data we give them, and more, to predict which ads we’ll be more responsive to. Why shouldn’t other companies benefit from big data analytics?

There’s absolutely nothing stopping a third party from mining all sorts of available information about you (information that we are all constantly giving away; more about that in a future post) and selling their insights to your employer. It’s one way that companies can (and do) blithely violate the spirit but not the letter of privacy and anti-discrimination legislation.

Here’s an example that already happened: The WSJ article points out that Walmart paid a firm to target employees with back pain with information about alternatives to surgical treatment, in an attempt to reduce the percentage of employees that opt for expensive spinal surgery1. If Walmart actually succeed at getting more employees to opt against spinal surgery, then we’ve seen an employer wielding measurable influence over employee healthcare decisions.

As long as some company or person stands to benefit from holding your personal, financial and health data, your data are a precious commodity to someone else. The true power of big data is being able to shape behavior with insights from readily available data. Do you know all the ways companies are using your data to shape your behavior?

Information is power; in the digital era, it is also money. Doubt not that many people and companies will be tempted by both the power and the money, and that many of us will suffer from or actively fight those who succumb to that temptation.

  1. From Yes, it’s an article about an article. I’d link to the WSJ original but it’s paywalled.
  2. From
  4. The short story on employer-based healthcare:
    a longer, in-depth story on employer-based healthcare:

Update 2016 Mar 05

Leave a Reply