Op Ed on Employer-Sponsored Wellness Programs World Privacy Forum Skip to Content Javascript must be enabled for the correct page display Home Connect With Us: twitter Vimeo email Main Navigation Hot Topics

Op Ed on Employer-Sponsored Wellness Programs

Today The Guardian published an op-ed I wrote about employer-sponsored wellness programs. You can find that op-ed here. I have researched and written about HIPAA, health plans, wellness, predictive analytics, and big data for years now. A lot of my work coalesced together when Robert Gellman and I researched and wrote the Scoring of America report. During this time, we found examples of health plans using all sorts of surprising data to assess members. We wrote about this in the Scoring report, for example, on p. 16 where a health plan used members’ retail purchase histories as part of the factors to enhance predictive risk models. This week, a Wall Street Journal article provided new and troubling information about health data and predictive analytics in a discussion of employer-sponsored health programs. The WSJ article was surprising in its revelation of how far some of the data acquisition has now gone in just two short years since the publication of Scoring of America. I encourage you to take a look at the WSJ piece, and at the responsive op-ed that I wrote. Employee-sponsored wellness programs are complex to navigate, and it is important to note that wellness programs are not just automatically covered under HIPAA — they have to meet specific criteria, and not all do. I discuss this in more detail in the op-ed. I am pleased when wellness programs are helpful to people, but we must reign in data abuses that are impacting employees when employer-sp0nsored health plans are not covered under HIPAA. There need to be good, solid rules that protect fairness, accuracy, access to the records, and more. -Pam Dixon

The Guardian Op Ed

WSJ article

Scoring of America report

Posted February 19, 2016 in Data Brokers, Databases, Digital Exhaust, Genetic Privacy, HIPAA, Modern privacy, Wellness programs Next »Update: EU, US reach new Safe Harbor deal « Previous(Updated) Urgent for California Parents: Detailed student SSNs, medical information to be released by a court WPF updates and news CALENDAR EVENTS

WHO Constituency Meeting WPF co-chair

6 October 2022, Virtual

OECD Roundtable WPF expert member and participant Cross-Border Cooperation in the Enforcement of Laws Protecting Privacy

4 October 2022, Paris, France and virtual

OECD Committee on Digital and Economic Policy fall meeting WPF participant

27-28 September 2022, Paris, France and virtual more Recent TweetsWorld Privacy Forum@privacyforum·7 OctExecutive Order On Enhancing Safeguards For United States Signals Intelligence Activities The White House https://www.whitehouse.gov/briefing-room/presidential-actions/2022/10/07/executive-order-on-enhancing-safeguards-for-united-states-signals-intelligence-activities/Reply on Twitter 1578431679592427526Retweet on Twitter 1578431679592427526Like on Twitter 1578431679592427526TOP REPORTS National IDs Around the World — Interactive map About this Data Visualization: This interactive map displays the presence... Report: From the Filing Cabinet to the Cloud: Updating the Privacy Act of 1974 This comprehensive report and proposed bill text is focused on the Privacy Act of 1974, an important and early Federal privacy law that applies to the government sector and some contractors. The Privacy Act was written for the 1970s information era -- an era that was characterized by the use of mainframe computers and filing cabinets. Today's digital information era looks much different than the '70s: smart phones are smarter than the old mainframes, and documents are now routinely digitized and stored and perhaps even analyzed in the cloud, among many other changes. The report focuses on why the Privacy Act needs an update that will bring it into this century, and how that could look and work. This work was written by Robert Gellman, and informed by a two-year multi-stakeholder process. COVID-19 and HIPAA: HHS’s Troubled Approach to Waiving Privacy and Security Rules for the Pandemic The COVID-19 pandemic strained the U.S. health ecosystem in numerous ways, including putting pressure on the HIPAA privacy and security rules. The Department of Health and Human Services adjusted the privacy and security rules for the pandemic through the use of statutory and administrative HIPAA waivers. While some of the adjustments are appropriate for the emergency circumstances, there are also some meaningful and potentially unwelcome privacy and security consequences. At an appropriate time, the use of HIPAA waivers as a response to health care emergencies needs a thorough review. This report sets out the facts, identifies the issues, and proposes a roadmap for change.