By Roger Hood | Almost daily, we hear about “wearable technology” in the workplace. The legal quagmire of issues that arise range from privacy and security to data use and HIPAA concerns. As with the introduction of BYOD (bring your own device), employers seeking to add this contemporary wellness perk and create and sustain a healthy workplace should consider implementing a mobile device management policy.
Wearable technology includes products that incorporate electronic technologies in order to, among other things, monitor personal health factors such as heart rate, sleep cycles, pulse rate and other biometrics as well as monitoring location like a GPS. Basically, they are activity trackers to measure data. Products can be stand-alone, such as “Fitbit,” or features incorporated into smart phones or other existing devices.
Bloomberg Business (September 2015) reports that “Retail giant Target Corp. will offer activity trackers from Fitbit Inc. to its 335,000 U.S. employees, becoming the latest firm looking to the inexpensive wearable devices as a way to improve its workers’ fitness and reduce health-care costs.”
When a company like Target offers wearable technology in the workplace, a number of legal factors need to be considered. First and foremost, who owns the wearable technology and who owns the device data generated by it? Is the data private to the employee or, if not, who has access to it?
It is important to pinpoint what kind of data can be collected for the employer’s use. Who can use the data? For what purposes can the data be used or disclosed? Under HIPAA, much of the data might be considered Protected Health Information (PHI) and it is, therefore, expected that a company offering wearable technology that tracks PHI will be required to obtain consent from participating employees on how their data is used. Non PHI data may be unregulated, which means that it could be used for many purposes without an employee’s consent.
A recent (October 2015) NPR article entitled “7 Questions To Ask Your Boss About Wellness Privacy” explained that “standards to keep such information confidential have developed more slowly than the industry. That raises risks it could be abused for workplace discrimination, credit screening or marketing.”
All data has value. Employers – and their employees – should determine who is responsible for data use and data security.
Employers are well served to address these issues promptly through a mobile device management policy. To learn more, please join me on Thursday, November 5th at the annual Employment Law and HR Practices Conference in Springfield, MA, hosted by the Employers Association of the NorthEast for my presentation on: The e-Workplace: Balancing Privacy and Information-Security to Manage Risk.
To learn more, contact me at rhood@duffysweeney.com.