Workplace Wellness Programs: The Penalties and Risks of Noncompliance

With all the concern about complying with various workplace wellness laws, it would be useful to know what is at stake if a company fails to comply. In a nutshell, monetary penalties from the government and lawsuits await workplace wellness programs that are found to be noncompliant with the law.

Numerous federal laws and regulations govern workplace wellness programs, including the Affordable Care Act (ACA), the Americans with Disabilities Act (ADA), and the Genetic Information Nondiscrimination Act (GINA).

This blog provides a basic overview of the penalties that could apply when group health plans, insurers, or employers violate ACA, ADA, or GINA provisions governing wellness programs. However, it does not give exhaustive treatment to the topic or cover all laws that may apply.

HIPAA/ACA Nondiscrimination

The ACA expanded upon nondiscrimination rules first enacted in the Health Insurance Portability and Accountability Act of 1996 (HIPAA), known as the HIPAA nondiscrimination and wellness provisions, which were incorporated in the Public Health Service (PHS) Act.1 These laws prohibit group health plans and health insurance issuers from discriminating against participants and beneficiaries in eligibility, benefits, or premiums based on a health factor.2

However, the law includes an exception for programs of health promotion and disease prevention (i.e., wellness programs). Wellness programs can offer premium discounts or rebates on health insurance coverage, or modify cost-sharing amounts such as copayments or deductibles, in exchange for “voluntary” participation in the wellness program.3 In other words, group health plans can provide rewards to those who participate or penalize those who don’t.

In addition, HIPAA/ACA rules require “health contingent wellness programs,” which tie financial incentives to achievement of health status goals, to meet other tests for compliance.4 For instance, the wellness program must be reasonably designed to promote health or prevent disease,5 and the full reward must be available to all similarly situated individuals.6 Health plans and insurance issuers must comply with numerous other provisions not covered here.

A group health plan or health insurance issuer that fails to comply with the HIPAA/ACA nondiscrimination and wellness provisions could be subject to a maximum civil money penalty of $100 for each day for each individual affected by noncompliance.7 No penalty will be imposed if a violation is due to reasonable cause and not willful neglect, and the violation is corrected within 30 days after discovering the violation.8 States have enforcement authority of these HIPAA provisions with respect to health insurance issuers within the state, but Health and Human Services (HHS) will step in to regulate if the state fails to enforce the laws.9 Guidance notes that “the states may enforce the provisions of HIPAA as they pertain to issuers, but that the Secretary of HHS must enforce any provisions that a state chooses not to or fails to substantially enforce.”10

In determining the penalty for violations, the HHS Secretary takes into account the previous record of compliance and the gravity of the violation.11 If noncompliance relates to genetic information,12 a violation not corrected upon notice by HHS is subject to a $2,500 penalty, or $15,000 for violations that are more than “de minimis” (minor).13

ADA Nondiscrimination

Under the ADA, workplace wellness programs must be available to all employees, regardless of disability, and must offer reasonable accommodations for qualified individuals.

The ADA bars employers from making disability-related inquiries or requiring employees to undergo medical examinations unless an exam is job-related and consistent with business necessity or the medical exam is “voluntary” and part of an employee health program available at the worksite,14 including workplace wellness programs.15 A medical exam would include any “procedure or test that seeks information about physical or mental impairments or health.”16

Wellness programs must also meet a number of ADA requirements, including restrictions on financial incentives that may be offered to increase participation using medical exams or disability-related questions.17 Other ADA provisions impose notice requirements when collecting medical information,18 and govern confidentiality and security requirements in addition to numerous other compliance issues not mentioned or detailed in this article.19

The Equal Employment Opportunity Commission (EEOC) enforces the ADA laws on employment discrimination.20 The type of relief available when a workplace wellness program violates the ADA nondiscrimination rules will vary depending on the impact of the discrimination on a particular individual.21 But an employee or employees alleging employment discrimination by employers can seek compensatory damages, including out-of-pocket costs and damages for emotional harm, as well as punitive damages for reckless or malicious acts of discrimination.22

The amount of punitive damages is capped: $50,000 for employers with 15 to 100 employees; $100,000 for employers with 101 to 200 employees; $200,000 for employers with 201 to 500 employees; and $300,000 for employers with more than 500 employees.23 A party, other than the United States, who prevails can also obtain reasonable attorney’s fees, litigation expenses, and costs.24

Additionally, employers “may not take any other adverse action against employees who choose not to answer disability-related inquiries or undergo medical examinations.”25 This would include retaliation for declining to participate in the wellness program or declining to provide medical information collected as part of the program.26 In egregious cases involving a pattern of retaliation, civil penalties can rise to $50,000 for a first offense and $100,000 for a second offense.27

GINA Nondiscrimination

GINA has two titles that govern workplace wellness programs. GINA Title I, enforced by the Departments of Labor, Health and Human Services, and Treasury, prohibits group health plans from discriminating on the basis of genetic information, either for underwriting purposes or prior to/in connection with enrollment.28 Enforcement responsibilities are shared because GINA Title I amended different federal laws enforced by different departments or agencies.

Thus, the same mechanisms used to enforce those underlying federal laws would be used to enforce amendments under GINA Title I.29 For instance, GINA Title I made amendments to the Public Health Service (PHS) Act to prohibit discrimination on the basis of genetic information.30 Violations of the provisions that fall within the PHS Act are subject to the prescribed penalties for violations of the PHS Act, which imposes a maximum penalty of $100 per individual per day who is affected by a failure to comply.31

GINA Title II, enforced by the EEOC, prohibits employers from requesting, requiring, or purchasing genetic information with respect to an employee or an employee’s family member.32 However, employers can collect genetic information as part of a voluntary wellness program, so long as they follow the rules that govern such collection.33

The GINA rules prohibit financial inducements to provide genetic information, “but may offer financial inducements for completion of health risk assessments that include questions about family medical history or other genetic information, provided the covered entity makes clear, in language reasonably likely to be understood by those completing the health risk assessment, that the inducement will be made available whether or not the participant answers questions regarding genetic information.”34 Employers must follow other rules under GINA, including confidentiality requirements. For instance, employers who obtain genetic information voluntarily must keep it in separate medical files and treat it as a confidential medical record.35

Like the ACA/HIPAA and ADA rules that limit financial inducements in exchange for voluntary participation, GINA Title II limits financial inducements for wellness programs that collect manifestation of disease or disorder information from an employee’s spouse to 30 percent of the cost of health coverage.36 And like other federal laws that govern wellness programs, GINA Title II includes a plethora of other provisions that employer wellness programs must understand to stay compliant.

GINA incorporates enforcement and remedy provisions that were already in existence for other types of discrimination in the employment discrimination area, including the Civil Rights Act of 1964.37 Remedies can include compensatory damages for “future pecuniary losses, emotional pain, suffering, inconvenience, mental anguish, loss of enjoyment of life, and other nonpecuniary losses.”38 Punitive damages are capped, based on the number of employees.

Employers are subject to punitive damages of $50,000 to $300,000, depending on the size of the employer, if discrimination is intentional.39 Remedies also include reasonable attorney’s fees and litigation costs, as well as injunctive relief, including reinstatement or back pay.40

ADA Notice and GINA Authorization Requirements

Recall that the new ADA and GINA rules issued in May 2016 now require workplace wellness programs that collect health information to issue a notice (in the case of the ADA) or authorization (in the case of GINA) before collecting the relevant information. The GINA authorization requirement must be “prior, written and knowing,” so it must occur before an individual discloses their “genetic information.” Thus, if your wellness program incentivizes spouses to participate in a health assessment or biometric screen, or if your HRA asks employees family medical history questions, the employer should be obtaining the spouse’s or employee’s authorization before they divulge their genetic information.

The ADA’s notice requirement should also be occurring before the wellness program gathers the wellness participant’s genetic information. Even though the regulations do not specify that the notice has to be “prior and knowing,” the ADA regulations do specify that the wellness program must be “voluntary.” The preamble to the final rule states that “For these wellness programs [that conduct disability-related inquiries and/or conduct medical examinations] to be deemed voluntary, a covered entity must provide a notice – in language reasonably likely to be understood by the employee from whom medical information is being obtained that clearly explains what medical information will be obtained, how the medical information will be used, who will receive the medical information, the restrictions on disclosure, and the methods the covered entity uses to prevent improper disclosure of medical information.” 81 Fed. Reg. at 31134 (May 17, 2016). Failing to ensure that employees read the notice before supplying their health information would undermine the voluntary nature of disclosing their health information.

Also, and perhaps more directly, the EEOC in its Questions and Answers document states that employees must receive the notice before providing any health information, and with enough time to decide whether to participate in the program. “Waiting until after an employee has completed an HRA or medical examination to provide the notice is illegal.”

According to an email from an EEOC advisor to the Center for Health and Wellness Law, failure to comply with the ADA and GINA notice/authorization requirements could undermine the voluntary nature of the wellness program. If an employee filed a lawsuit alleging that his or her participation in the wellness program was not voluntary (e.g., because he or she was not informed about how his or her health information would be used), the EEOC could seek compensatory damages and perhaps, in appropriate cases, punitive damages. The EEOC could also seek injunctive relief, which could include requiring the employer to provide the required notice if it wants to continue offering the wellness program.


Understanding the penalties and liability risks involved with violations of the HIPAA/ACA, ADA, and GINA laws and regulations that apply to workplace wellness programs is an important aspect of understanding how to create and maintain compliant wellness programs.

This article provides a basic overview of the penalties but cannot begin to capture the complexities associated with wellness program compliance. Group health plans, health insurers, and employers should seek legal counsel for advice and guidance on how to fully comply.

Barbara J. Zabawa
President of the Center for Health and Wellness Law, LLC


  1. 78 Fed. Reg. 33158 (June 3, 2013).
  2. 42 U.S.C. § 300gg-4; 29 C.F.R. § 2590.702(a)(1).
  3. 78 Fed. Reg. 33158 (June 3, 2013).
  4. 45 C.F.R. § 146.121(f).
  5. 45 C.F.R. § 146.121(f)(4)(iii).
  6. 45 C.F.R. § 146.121(f)(4)(iv).
  7. 42 U.S.C. § 300gg-22.
  8. 42 U.S.C. § 300gg-4(b)(2)(C)(iii).
  9. 42 U.S.C. § 300gg-4(a).
  10. 78 Fed. Reg. 33158, 33175 (June 3, 2013).
  11. 42 U.S.C. § 300gg-4(b)(2)(C)(ii).
  12. 42 U.S.C. § 300gg-4(b)(3).
  13. Id.
  14. 29 C.F.R. § 1630.14(d).
  15. 81 Fed. Reg. 31126 (May 17, 2016) (explaining that the ADA’s nondiscrimination rules apply to workplace wellness programs that conduct medical examinations or make disability-related inquiries.).
  16. EEOC Enforcement Guidance No. 915-002 (July 27, 2000).
  17. 81 Fed. Reg. 31136 (May 17, 2016).
  18. 29 C.F.R. § 1630.14(d)(iv).
  19. 81 Fed. Reg. 31136 (May 17, 2016).
  20. 42 U.S.C. § 12117; 28 C.F.R. § 37.7.
  21. Remedies for Employment Discrimination, EEOC, (last visited April 8, 2017).
  22. Id.
  23. 42 U.S.C. § 1981a.
  24. 42 U.S.C. § 12205.
  25. 29 C.F.R. pt. 1630, App., Interpretive Guidance on Title I of the Americans with Disabilities Act.
  26. Id.
  27. 42 U.S.C. § 12203; 42 U.S.C. § 12188.
  28. 45 C.F.R. § 146.122(d).
  29. Representative Louise Slaughter, Genetic Information Non-Discrimination Act, 50 Harv. J. on Legis. 41, 56 (2013).
  30. 42 U.S.C. § 300gg et seq.
  31. 42 U.S.C. § 300gg-22.
  32. 42 U.S.C. § 2000ff-1.
  33. 75 Fed. Reg. 68912 (Nov. 9, 2010); 29 C.F.R. Part 1635.
  34. 29 C.F.R. § 1635.8(b)(2)(ii).
  35. 29 C.F.R. § 1635.9.
  36. 29 C.F.R. § 1635.8.
  37. 42 U.S.C. § 2000ff-6; Heather A. Giambra, A Primer on Title II of the Genetic Information Nondiscrimination Act of 2008 and Its Implementing Regulations, N.Y. St. B.J., November/December 2012, at 26, 33.
  38. 29 C.F.R. § 1635.10.
  39. 42 U.S.C. § 1981a.
  40. Id.