The U.S. Surgeon General Dr. Vivek Murthy recently released a Surgeon General’s Advisory on the Mental Health and Well-Being of Parents, highlighting the urgent need to better support parents, caregivers, and families to help our communities thrive.
Your Welcoa membership has expired.
The following article does NOT constitute legal advice and should not be used as such. It is for educational purposes only. Readers should retain legal counsel to obtain definitive answers.
The premise behind the General Data Protection Regulation (GDPR) in the European Union (EU) is to ensure that natural persons have rights with regard to the processing of data about them. One of those rights is informed consent. That is, companies who do business in the EU or intentionally process data of persons living in the EU should not be handling that data without the informed consent of the “data subject.”
The United States also has informed consent laws, but they are primarily state-based laws that apply to certain health professions. Informed consent laws in the United States usually require the following elements to be part of the notice:
The GDPR expands informed consent to include everyone who processes health or biometric data about EU data subjects, not just persons within the health professions. Although the GDPR addresses data processing and not medical treatment, one can analogize the elements of medical informed consent to the processing of wellness data. For example, a wellness data collection informed consent could describe:
Wellness programs that process health or biometric data of data subjects in the EU, or that have a physical presence in the EU, must abide by GDPR. But even programs that are not subject to GDPR compliance may wish to adopt its premise that it is better to inform individuals about the particulars of your program’s data collection than withhold information.
Workplace wellness programs in the United States that collect health information from employees must provide a notice before doing so. That notice must meet certain requirements under the Americans with Disabilities Act (ADA), such as;
See 29 CFR § 1630.14(d)(1)(iv).
Although the ADA notice informs individuals about the data being collected and why it is being collected, it does not require explanation of the alternatives to data collection through the workplace wellness program or the downsides to not providing health information through the wellness program. Particularly in the wake of the AARP v. EEOC case which scrutinized the voluntariness of the EEOC’s incentive rules, it will be important for workplace wellness programs to inform potential participants of both the disadvantages as well as advantages of participating in data collection efforts such as through Health Risk Assessments (HRAs) and biometric screens. Including both the disadvantages and advantages of HRA/biometric screen participation not only explains why HRA participation can be helpful, but it fully informs individuals about any risks, which can strengthen the voluntary nature of their participation. An individual whose HRA participation is truly voluntary may lead to better outcomes.
Barbara J. Zabawa
President of the Center for Health and Wellness Law, LLC
wellnesslaw.com
Health Promotion Program Legal Updates*
Every 3rd Wednesday from 10:00–11:00 AM CT
*This is an exclusive WELCOA Member Resource.