Employee Wellness Program Privacy: Biometric Screening Tyranny

If you went back in time 20 or more years ago and told the people back then that in the near future employers would force them to take a blood test or they would lose their health insurance coverage, I’m sure they’d laugh and assume you were citing some obscure subplot from Orwell’s 1984.

You see, not too long ago, if such a widespread policy was proposed, people would have been outraged and protests would have broken out nationwide to put an end to such a blatant invasion of privacy.

Not so in 21st century America. It looks like all the GMOs we eat, the fluoride in our water and the toxic mercury- and formaldehyde-laced vaccines we take willingly (or not so willingly, if you live in California) has left us brain damaged and semi-comatose.

We know our smartphones and TVs have taken a chunk out of our IQs, which may explain why 10 percent of college grads now believe that Judge Judy is a Supreme Court justice and some Americans think that Martin Luther King was the first black man on the moon. How else can we explain this epidemic of apathy and ignorance when it comes to our rights and freedoms?

We should have known we were in trouble when poor Edward Snowden hung his life out on the line to warn us about the criminal intrusiveness of our government only to have many Americans just shrug and say, “So what? I’ve got nothing to hide.” Hell, these pod people even parroted the government propaganda that he was a traitor.

I’m sure Snowden was even more shocked by our zombie-like reaction to our government’s widespread violation of the Fourth Amendment than he was when he discovered the extent of U.S. government surveillance. He obviously overestimated our present capacity for outrage and action.

So it should come as no surprise that corporate America wants to get in on the invasive fun. And why not? With health insurance premiums skyrocketing, it was only a matter of time before they would exploit our complacent idiocy by persuading employees to willingly submit to biometric screenings that measure blood pressure, weight, waist size, body mass index (BMI), cholesterol levels and other health vitals, or risk paying health coverage surcharges (as smokers already do) or losing coverage altogether.

So what if these wellness programs violate Equal Employment Opportunity Commission (EEOC) laws or the protected health information (PHI) provisions of the Health Insurance Portability and Accountability Act (HIPAA)? You’ve got nothing to hide, right? And, gee, what’s wrong with getting healthy and getting a discount on your employer health insurance coverage?

The Gift of Obamacare: Making Private Health Information Public

As if the Patient Protection and “Affordable” Care Act (ACA) wasn’t bad (and unconstitutional) enough by forcing you to buy health insurance from a private company under threat of tax penalties (?), we can also blame Obamacare for the explosion of invasive employee wellness screenings.

Surprised? Don’t be. After all, the ACA was written by the insurance companies and Jonathan Gruber, an arrogant, elitist jerk from MIT who laughed and admitted that the stupidity of American voters made this mess possible.

One would have thought that the Gruber fiasco would have been enough to inspire public outrage and force a repeal of Obamacare…but, again, you’d be overestimating the pod people who have body-snatched millions of once spirited, freedom-loving Americans.

The ACA helped advance the notion that healthy lifestyles would control health care costs; what seemed like harmless, even positive, rhetoric at the time has now been exposed as just another privacy-invading, money-making venture. It’s always about taking your money and invading your privacy with these clowns.

Anyone who has had a screening or physical in recent years knows that these examinations are designed to do one thing and one thing only…to make you a lifelong dependent on some hideously overpriced pharmaceutical drug that has 29 potentially lethal side effects (and the more drugs they can prescribe, safely or not, the better).

In 2014, 95 percent of employers had a health risk assessment, biometric screening or some type of wellness screening program in place, and 74 percent of the programs dangled an incentive carrot to get employees to participate (comply) usually a modest discount in health plan premiums.

Such high adoption rates by employers mean that these programs will now likely determine the course of your career. Good luck climbing the corporate ladder after your boss learns that you’re on an anti-psychotic and three blood pressure medications.

It’s Voluntary…Until it’s Not

Even if your company’s wellness plan is voluntary now, don’t be fooled. That’s how it always starts. Like a lot companies, Flambeau, a Wisconsin-based plastic maker, introduced their “voluntary” wellness program as a way to lower their health care costs and cut down on employee sick days.

But since wellness programs need high participation rates in order to get the best bang for the corporate buck, when participation rates are low, some companies are motivated to take off the kid gloves and make it a requirement for keeping insurance coverage. That’s what Flambeu did, and one employee who refused to participate in Flambeau’s program filed a complaint with the EEOC.

The Flambeu lawsuit is one of several such cases working their way through the legal system these days. The EEOC’s main argument in the Flambeu suit, and others like it, is that forcing employees to participate in wellness programs, especially when they involve biometic screening or health assessments,  violates the Americans with Disabilities Act (ADA). The ADA prohibits companies from obtaining personal health information from employees or requiring that they submit to a medical exam. End of story, right?

Not so fast. For some reason, the U.S. District Court in Wisconsin didn’t see it that way. They ruled that data collected through wellness programs doesn’t violate the ADA. The EEOC is reviewing the decision, whatever that means.

Biometric Gene-ings and GINA

While the EEOC is leveraging ADA protections in its wellness program lawsuits, it’s also citing the Genetic Information Nondiscrimination Act (GINA), as it did in its suit on behalf of employees of Honeywell. Under GINA, employers are prohibited from requesting genetic information from employees, especially when that information is tied to health insurance coverage.

Honeywell employees turned to the EEOC after they balked at participating in the company’s wellness program and were slapped with a fat insurance premium surcharge. Employee spouses weren’t spared either; they were hit with a $1,000 tobacco surcharge for not coughing up their DNA, whether they smoked or not (guilty until proving innocent?).

Smokers know a thing or two about health insurance tyranny. Our poor, nicotine-addicted social pariah friends are always convenient canaries in the coal mine when it comes to test driving civil rights violations.

The EEOC cited both the ADA and GINA in the Honeywell case. And while the Minnesota District Court denied the EEOC’s request to issue a temporary restraining order against Honeywell’s wellness program, in its decision, the court expressed some concern as to how  the ACA wellness directive would jibe with the ADA, GINA and other privacy laws. Ya think?

The courts are all over the place in these decisions (lower courts have handed out victories to both sides) and it’s hard to say when, or if, definitive judicial determination will ever emerge.

Employee Wellness Programs Can Hurt Your Credit Rating?

Another consideration: you may have noticed that your company hired an outside company to administer their wellness program. In addition to worrying that your boss will learn that you have high blood pressure, should you also be concerned that your info will be sold to a credit monitoring company or third-party marketer…and that your screening could affect your ability to get a car loan or mortgage in the future?

As it turns out, yes, you should be concerned, because wellness program vendors are not bound by HIPAA privacy protections.

If you read the fine print in their terms & conditions, you’ll find that many of these contractors have policies that allow them to share “identifiable data” with unidentified third parties “working to improve employee health.” Also, “de-identified” group health results are regularly shared with employers and researchers, and it’s been proven that this data can easily by “re-identified” and used for credit screening, marketing…or even… job displacement?

Think that Fitbit or other wearable fitness device makes you look cool? It turns out it also makes data mining your vitals that much easier. Nice, huh?

Health Care Employees VOLUNTEER their Protected Health Information

As an uninsured, underemployed freelancer, wellness programs didn’t ping my radar until recently when my client, a prestigious regional health care system, needed me to craft some employee communications regarding their wellness program.

The last time I was a full-time, salaried employee, employee wellness programs were strictly voluntary, so I didn’t give it a second thought. I quickly learned how much the ACA changed things.

Having worked in health care in some capacity for nearly two decades, I couldn’t believe that hospital personnel would agree to this madness. After all, these people would be terminated immediately if they violated a patient’s private health information, so why would they surrender their own private information? Shockingly, I learned many did just that.

I’m sure many workers realize this is a violation of their privacy, but they’re scared that if they don’t participate, they’ll end up on some undesirable human resources list (unfortunately, they’re probably right).

Others, who see themselves as being fit and healthy, may comply because they feel that they…wait for it… have nothing to hide.  Good for them, but what if someone has a condition that they have a right to hide from the world?

What if you’re bipolar or diabetic, for example? Or, what if you have either condition, but don’t know it yet? Would you feel comfortable having your boss find out at the same time that you do? And how confident are you that you’d survive the next mass layoff if your biometric screening places you outside “normal” health levels in one or more categories? After all, there’s no way to prove that your condition would have had anything to do with your termination.

Don’t think for one minute that today’s corporate tightwads won’t weigh your health status when deciding if they want, or need, to part company with you, especially if they know that your fat medical bills will go with you.

Unfortunately, these days, the government and large employers don’t have to try too hard to push us toward controlled serfdom; they’ve handed us the shovel and we’re digging our way there ourselves, thank you. The powers that be have no need to fear torch and pitchfork mobs in the U.S. anymore.

No, the freeze-dried American zombie masses are content to drink beer, obsess over football and reality TV (our modern day bread and circuses) and to silently go along to get along. I guess as long as we have “nothing to hide” and Judge Judy is sitting on the Supreme Court, we have nothing to worry about.

 

Big Brother and the BYOD Privacy Holding Company

I have a friend who works for CSX, one of the nation’s largest rail and transport companies. Like a lot of companies today, CSX won’t provide most of their employees with company cell phones, but it still expects workers to have access to their work email at all times; in the spirit of “BYOB” (bring your own booze), this cost-effective trend is called “bring your own device” (BYOD).

You might be saying, “What’s wrong with that? We’ve had our work email on our cell phones for years.” Well, in their zeal to keep employees tethered to the job around the clock without incurring the cost of providing them with a company cell phone, CSX, like many companies,  want their employees to add a mobile device management (MDM) platform to their personal devices that  violates their right to privacy….all for the sake of protecting their corporate data.

Yes, CSX is considering having their employees sign on to an Orwellian corporate mobility policy that gives their IT department explicit consent to potentially install apps, monitor usage, track, wipe data, oh…and collect personal information from their phones or tablets.

So…that Tinder app…those embarrassing Pinterest or Facebook pictures you posted when you were drunk? Guess what CSX’s (or your company’s) HR department may be perusing when they’re bored?

Having access to your personal information could be helpful when a mass layoff is necessary. Was your inclusion in the culled herd really nothing personal, or did an offensive app on your phone do you in? You’ll never know.

Your phone, your data? Not necessarily

Privacy is only one consideration when it comes to BYOD; there’s always the potential for data wipes. A man in Texas is currently suing his former employer for doing just that. Saman Rajaee had registered his iPhone with his employer’s Microsoft Exchange server.

A few days after giving two weeks’ notice, the company, Design Tech, wiped out all of the business and personal data on his phone…without warning, he lost more than 600 business and personal contacts, family photos, business records, and passwords. How’s that for a sendoff?

The U.S. District Court for the Southern District of Texas dismissed the federal charges brought by Rajaee, saying that Design Tech had not violated the Electronic Communications Privacy Act (ECPA) and Computer Fraud and Abuse Act (CFAA) when they nuked all of the data on his phone. The state charges of misappropriation of confidential information, violation of the Texas Theft Liability Act, negligence, and conversion, are still pending.

MDM software development companies like MobileIron are holding this case up as a warning to companies that they better CYA on the BYOD by getting their employees to sign ironclad BYOD consent forms….oh, and to promote the fact that their software helps companies delete only business data on employee  devices.

Employee apathy vs. convenience

Why do so many of us willingly embrace BYOD programs, despite the risks involved, especially when it’s common knowledge that most MDM platforms can access personal information from a user’s device? Is convenience that important?

According to a 2013 Harris Interactive survey, only 15 percent of those surveyed were concerned about privacy issues, although, four out of five respondents were concerned that MDM software would be used to track them.

We’ve been so systematically conditioned to having our privacy violated routinely, Snowden be damned, that we don’t even blink when CSX and other companies disregard our most precious right in order to protect their data.

Look at the permissions that most mobile apps request now. They want access to your microphone, your camera, your Bluetooth connection information, your device & app history, your location, SMS, photos/media/files, and your Wi-Fi connection…even when the app in question has no need for any of these functions.

Many of us just blindly accept these terms, because we have to have Instagram, Snapchat, or Tinder on our phones or tablets. Don’t even get me started on the privacy sins of Google+ and Facebook.

How many well-publicized, massive security breaches will it take before we realize that granting intrusive (and often unnecessary) permissions without giving it a second thought may not be such a good idea?  Are we ever going to wake up and draw a line in the sand?  We better.

It’s bad enough to make your phone or tablet vulnerable to some criminal app developer or offshore hacker, but when your privacy is violated by your employer, the pee isn’t coming out of that swimming pool, so BYOD at your own risk.

No Bezos (kisses) at Amazon

I like a good scary story as much as the next person, but I can’t think of any piece of horror fiction in recent memory that has frightened me more than last week’s New York Times feature article about Amazon.

Anyone who has had a white collar job within the last 10 years is familiar with some of the workplace hazards alluded to in the article:

  • the annoying coworkers who like to email people at 2 am on weekends to prove/time stamp their dedication;
  • others who show up at the office at the crack of dawn and/or stay late;
  • the busybodies who like to provide unsolicited “feedback” (usually negative) about colleagues to superiors; or
  • colleagues who feel that humiliating you in meetings will spur you to achieve workplace excellence (this is usually the public explanation; the real reason is they either resent you or don’t like you).

Individually, these behaviors are annoying, but when they are ALL part of a company’s corporate culture…even codified in the employee handbook (check out Amazon’s 14 leadership principals), then you’re hitting horror story territory.

Bezos responded to fallout from the Times article by saying that he wouldn’t want to work for a company like the one described in the article. One can argue that he doesn’t, really, since as CEO, he isn’t subjected to the annual “culling” of staff, and no one in their right mind would dream of submitting secret feedback about him via the company’s Orwellian Anytime Feedback Tool (a widget in the company’s directory that employees are encouraged to use to submit praise or criticism about colleagues to management). Of course, Feedback Tool submissions are factored into the decision-making at the annual culling of Amazon’s overworked herd. Double-plus ungood.

Bezos likes his Feedback Tool so much, he’s invested in an HR software company that makes a similar product. So, in the near future, if you find yourself on the wrong end of a crappy performance review and lose your job, it may just be because the office psycho who doesn’t like you colluded with other office misfits to funnel tons of real-time negative feedback about you to your boss. Creepy, huh? Get ready; it’s coming.

So, is Bezos a driven visionary…a textbook bipolar CEO…a sadist…or all of the above? Who can say for sure? What is obvious is that, in his infinite, algorithm-loving mania, Bezos (whose name literally means “kisses” in Spanish) has reworked the KISS principle (Keep it Simple, Stupid) to mean, Keep it Stressful, Stupid. His fiefdom is truly a Darwinian dystopia on steroids.

I guess while we wait for the robots to take our jobs, corporate overlords like Bezos are going to bide their time by making us work like robots. That way, they can literally work us to death and we won’t be around to complain about losing our jobs to C-3PO in the near future. A recent study shows this isn’t that farfetched a concept.

A stroke of bad luck?

In recent years, we’ve been hearing more and more about uncharacteristically young people…folks in their thirties and forties…having strokes. Why, we wondered? Well, it turns out that Amazon’s top performers aren’t thinking long term when it comes to embracing the 80-hour workweeks that are the hallmark of Amazonian excellence.

Less than a week after the Times/Amazon article appeared, the London Guardian reported that scientists at University College London found that if you put in more than 55 hours a week at work, you have a 33 percent higher stroke risk and a 13 percent higher risk of having a heart attack than “slackers” who work only 35-40 hours a week.

What I want to know is, if you stroke out at your desk at Amazon, will Bezos offer you free shipping to the funeral home of your choice?