Friday, July 8, 2016

Employer Wellness Programs: ADA, ACA, and HIPAA Compliance

Employer wellness programs are a subject of much interest to employers and receive considerable scrutiny from the EEOC and Department of Labor.  Employers want to lower their health care costs by improving the health of workers, and multiple vendors offer programs designed to do just that.  Employment law enforcement agencies want to make sure that wellness programs are non-discriminatory. Before implementing a wellness program, whether designed in-house or purchased from an outside source, employers need to make certain that the program complies with the requirements of the Americans with Disabilities Act (and its state law counterparts), the Affordable Care Act, and the Health Insurance Portability and Accountability Act. Some small employers may not be covered by all of these laws, but most have some compliance responsibilities.
Although each law has its own focus and unique requirements, there are important similarities. A practical approach to compliance suggests that every employer wellness program should be implemented with the following requirements in mind:
Employee Notice. Wellness programs that collect information about employees’ medical conditions must provide for notice describing what information will be collected, who will receive the information, and how it will be kept confidential.  The EEOC has recently published a sample notice that meets these requirements, along with a question and answer publication addressing how the notice should be used.  The HIPAA Privacy Rule requires employers with health plans – whether or not the health plan includes a wellness program – to provide a notice that describes the plan’s privacy practices and explains employees’ rights related to their personal health information. In some circumstances, one notice can meet the requirements of both laws.  Employers should understand and be prepared to meet all notice requirements before implementing a wellness program.  For programs already in place, compliance with notice requirements should be an ongoing concern.
Protection of Health Information.  Employee health and medical information collected as part of a wellness program must be kept confidential.  Generally, employers can only receive aggregated health information in a form that does not reveal individual health information. Whether collected as part of a wellness program, for health insurance purposes, or for other reasons, health information must be kept in a manner that protects it from disclosure.  These protections are required by all three of the federal laws noted above, comparable state laws, and the Genetic Information Non-discrimination Act (GINA).
Voluntary Participation.  Participation in an employer wellness program must always be voluntary for employees.  The ADA and the ACA both require this.  Incentives for participation may be offered, but their value may not exceed 30% of the total cost of employee-only health coverage, and must be available to all similarly situated employees.  Reasonable accommodations must be available so that participants with disabilities have an opportunity to earn the full reward offered by the program.
Health-related Purpose.  Employer wellness programs must be reasonably designed to promote health or prevent disease.  Reducing employer cost is not a sufficient purpose.  In all cases, the program may not place an undue burden on employees.
Helpful publications from the EEOC, the Department of Labor, and the Department of Health and Human Services provide additional explanation and guidance. The ADA, the ACA, HIPAA, and related state laws and regulations are detailed and complex.  The overview presented here, though only a starting point for compliance, describes the basic concepts that all employer wellness programs must respect and reflect.
Posted by Judy Langevin