HIPAranoia....
October 25, 2012 6:58 AM

PrivacyParanoiaFilter: My employer offers a discount on my health insurance if my spouse and I take a Health Risk Assessment (HRA). I get the idea, but are there any downsides privacy-wise that they're not telling you?

So I'm starting with a new company and the health insurance offered by the company has an HRA option. If my spouse and I take the survey, they'll knock something like $12 off my monthly premium. It's not that big a savings, but H/R encourages everyone to do it. I know by law they can't require it.

I get the idea that the insurance company wants a better idea of the physical makeup of the group. There's nothing extraordinary in the assessment: tell us your height/weight/BMI, guess your blood pressure, do you smoke, exercise, how much alcohol do you consume, etc.

But TANSTAAFL. Something in my gut says that you're giving away more than what the $12 is worth. Is this an end-run around HIPAA so insurers can get some insight into your details? I'm sure there's a privacy statement in here somewhere, and we don't really have anything medically to hide, but I just get a quirky feeling about it. Anyone else paranoid like me?
posted by JoeZydeco to Work & Money (21 answers total) 5 users marked this as a favorite
Nope, my company gives a $25 per paycheck discount, so you best believe that I'm all about the assessment.

One of the things that came out of it was that I got a wellness coach to discuss nutrition, exercise, etc with.

They just want to be sure that if you have any health issues that you're doing what you can to take care of them.

Thanks to Obamacare, you can't be dropped arbitrarily from insurance or be denied, so I say give them the information and take your discount. If they recommend a wellness coach, take that too. They're nice people and they're really helpful.
posted by Ruthless Bunny at 7:06 AM on October 25, 2012


Is this an end-run around HIPAA so insurers can get some insight into your details?

Insurers already have access to all your details, necessarily. Everything in your medical report is divulged to the insurance company. Doctor-patient confidentiality is a myth as far as your relationship with your insurance company is concerned.
posted by griphus at 7:07 AM on October 25, 2012


I think the general idea is that if they can push you towards preventative health care, you spend less on medical care and they get more unused premiums. profit!
posted by rmd1023 at 7:09 AM on October 25, 2012


I'm on a plan like this, but the impact is on the deductible. HIPAA still applies to this data. The idea is that the plans cost your employers less because the insurer has better information about the risk and potential cost present in the group. I agree that it feels sketchy, but it's nothing that the insurer wouldn't already have from claims analysis. This is much cheaper for them than claims analysis and the incentives can change behavior a bit. In other words, to my understanding, you're not giving them anything they wouldn't eventually have anyway. I've been on this plan for 3 years and haven't seen any new junk mail or use of personal info.
posted by ulotrichous at 7:10 AM on October 25, 2012


I'm much more worried about improper sharing of medical information with the employer, not the insurer. I tend toward the paranoid side, but I've decided to forgo the health assessment option at work - my employer has hired a really amateurish company with incredibly rude and ignorant "health history interviewers", one of whom told me that the company shared their data with the employer when I asked. Now, that's probably not their actual policy - or at least it's only true in weak form - but when I get that kind of interaction with people handling important life details for me, I start to worry about their ability to do the job accurately.

Also, my anxiety is that somewhere down the road the law will change and this data will be accessible to your employer, allowing them to cull the herd based on blood pressure or whatever.
posted by Frowner at 7:18 AM on October 25, 2012


I imagine you've done this already, but check the fine print. I am aware of a healthcare plan with this feature that requires you to participate in wellness programs if you are diagnosed with any one of half a dozen conditions (things along the lines of high cholesterol and high blood pressure), and pulls the discount (though not the plan itself) if you are noncompliant.
posted by gnomeloaf at 7:20 AM on October 25, 2012


I'm as apprehensive as you are. If Ruthless Bunny is correct and they're just doing this to look out for me, then no one is harmed by me lying and just telling them the answer they want to hear (e.g., I don't smoke, I don't drink, I run three times weekly) as opposed to the truth (e.g., I don't smoke, I have a several beers over a month and run about three times a month).

If they are looking to do something that isn't in my best interest, but in their best interest, then, in theory, this is information they'd already have since, as griphus points out, there is no expectation of confidentiality. As Ruthless Bunny mentions, Obamacare as I understand it prevents them from acting upon this information anyhow. However my paranoia means I'll be telling them what they would like to hear.

The company contacted by my employer claims that they do not share the information with my employer with any identifying information, but does share aggregate data. (I'm sure you can all think of several instances where supposedly scrubbed data was shared and it was pretty easy to reconstruct to whom the data pertained, which is another reason I'm telling them what they would like to hear.)
posted by Brian Puccio at 7:23 AM on October 25, 2012


I imagine you've done this already, but check the fine print. I am aware of a healthcare plan with this feature that requires you to participate in wellness programs if you are diagnosed with any one of half a dozen conditions (things along the lines of high cholesterol and high blood pressure), and pulls the discount (though not the plan itself) if you are noncompliant.

Oh, yeah, that's a thing too - I have a minor health condition which my doctor manages in a successful but slightly non-standard way (without drugs!) and I worry about these programs because they sometimes override what your actual doctor who is familiar with your own personal health wants you to do.
posted by Frowner at 7:25 AM on October 25, 2012


...then no one is harmed by me lying and just telling them the answer they want to hear...

The health insurance realm is changing a lot these days, but lying to a health insurance company about something they can prove you lied about could lead to a policy cancellation. I'm not sure how that works anymore, but you might want to find out before lying to them.
posted by griphus at 7:27 AM on October 25, 2012


Brian Puccio and griphus bring up an interesting nuance.

You can certainly be cancelled from an individual policy if you lie on the application. The potential for abuse seems pretty obvious.

But you can't really get dropped from a group policy for lying on the application since there really is no application. But could you be denied coverage if you lie on the HRA?

Say you need a liver transplant for cirrhosis but put down that you never drank alcohol. Could that data be used to deny a claim?
posted by JoeZydeco at 7:43 AM on October 25, 2012


My company helps provide these kind of programs to employers.

Because of privacy laws- this kind of medical information must be stored on a separate database that your employers absolutely do not have access to. They will not receive individual information or anything that can identify you specifically, but certainly get aggregate data and reports.

It is perfectly safe and legit. These kinds of wellness programs are designed to actually help make the employees healthier- since it's beneficial for both them and their workplace. Lying hurts everyone and validates an unsubstantiated paranoia.
posted by sarahnicolesays at 7:47 AM on October 25, 2012


But you can't really get dropped from a group policy for lying on the application since there really is no application. But could you be denied coverage if you lie on the HRA?

Say you need a liver transplant for cirrhosis but put down that you never drank alcohol. Could that data be used to deny a claim?


absolutely not. That's not how it works. The main purpose of this assessment is for your employer to get reports on the collective risk factors of their employees so that they can both tailor their wellness/insurance programs to these, and also keep tabs on collective improvements/deficits. I.E if they are paying 500k a year for a stop smoking program but over 5 years find that the percent of smokers has not decreased substantially, they might scrap the program or go with another vendor.
posted by sarahnicolesays at 7:51 AM on October 25, 2012


I'm on my husband's plan like this at work. We get an extra $500 in our HSA per year if we participate in the wellness plan. We do have to go each June and have our stats measured and blood drawn. Then we have a phone session with a health counsellor and set goals for the year. If we meet our goals over the year, we get another $500 in our HSA.

The stats they measure are pretty detailed, and I've found my husband and I look forward to the new stats each year - to see if we've gotten our already pretty good numbers even better. It's fun, and I'm glad they have this program because I think it encourages everyone to make better choices and keep rates better overall. (but i may be super naive here.)
posted by Kronur at 8:12 AM on October 25, 2012


The reason that the insurer shares aggregate data with the employer is because that is how they price insurance plans. Young people use less health care; men use less health care; people with low blood pressure and low cholesterol who don't drink and don't smoke use less health care. Chances are your insurer is already sharing lots of aggregate data with your employer "hey, your employees used $1,000,000 in health care last year; $600,000 of that was on preventative care, and $300,000 was spent on ER visits; we should try to reduce ER visits, lets up that copay and lower the copay for urgent care".

If this kind of thing really bothers you, what you should fight for is to untie health care from your employer. But I wouldn't worry about sharing basic health profile info in aggregate.

(Which isn't to say that I don't think employers discriminate against people who use a lot of health care. Some do. But in my experience they don't do it based on this data; they do it based on knowing which employees consume lots of health care through things the employees say themselves. If you have cancer, or seven kids, or a super high risk pregnancy (hi!) or whatever, your employer knows this because you talk about it to your cooworkers, or because you miss work, or whatever. There are bad bad employers out there who act on this).
posted by dpx.mfx at 8:14 AM on October 25, 2012


My dad just started going to his wellness counciler after he found out he could save 15 bucks a check. The benefit to the insurer seems clear cut- already my father has had smoking cessesion training, got an appointment with his doctor to finially address his high blood-pressure (which he has been aware of and ignored for two years) and he and his wife are set to go to a "active people" meet up next week.

I guess I'm saying that the benefit is so clear, I don't know that they HAVE to do something sneaky for it to be worthwhile to them.
posted by Blisterlips at 8:29 AM on October 25, 2012


I am on a health care committee that helps decide on plan details for the group plan for my institution. We are in the process of instituting something like this---HRAs and biometrics the first year, and then more strict "outcomes-based wellness goals" in subsequent years to get "preferred pricing" ( = they charge folks who don't do this more).

I asked about the privacy implications at a recent meeting, and I was assured that all the data is collected and analyzed and dealt with by a third-party vendor who is restricted by HIPPA from sharing the actual data with the employer. The third party vendor might also contact indivdual employees who are identified as 'high-risk' with various educational informatin, disease management stuff, etc. the empolyer would not be doing the contacting and would not know the details. There is a slight privacy implication in that your employer does know who receives preferred pricing, but not why. All the employer receives --- or else is in voiolation of HIPAA and can be sued for big money---is aggregate data, and not all that finely sliced and diced, either. Things like x employees were overweight (ugh, BMI) and y employees had a glucose level above z.

The idea is that by strongly encouraging folks to stay healthier, and to catch things early, it will keep total health care costs down.
posted by leahwrenn at 8:32 AM on October 25, 2012


I had always believed that the aggregate data is used by the company to negotiate better rates from insurers. Here see how healthy our employees are. Of course it could go the other way too.
posted by tman99 at 9:11 AM on October 25, 2012


From the HR side, I've been through this process. Above is correct in that the insurance company already knows all your health details but your employer does not.

I received a report every year that had only aggregate data, and I believe there was some sort of minimum participation required before I could even get the data. It was VERY general data, like ___% of participants have high cholesterol, stuff like that. Then I received a list of the employees that participated so that I could adjust the employer contribution to their HSAs.
posted by magnetsphere at 9:34 AM on October 25, 2012


Thanks everyone, and thanks leahwrenn for showing could come next after the HRAs.

Thanks to Obamacare and the current dismal state of health insurance in the USA and everyone trying to think up *some* way to make it work, I see this as a constantly changing landscape and you need to keep your head up high to navigate. Your insights have been helpful.
posted by JoeZydeco at 11:23 AM on October 25, 2012


Many years ago I worked for a company that mailed paper health risk assessment forms to each employee that were supposed to be anonymous. I noticed that my form had a serial number on it and declined to return it.

Curiously, about two weeks later I received an email from HR dinging me for failing to turn in my "anonymous" health form. I forwarded this email to "all-company" which caused quite a stink.
posted by JackFlash at 11:29 AM on October 25, 2012


Most HRAs are run by third party companies but I don't know that the law requires this. Your insurer probably knows more about your health than you do already since they see every claim. The HRAS takes your answers, reports them to your insurer, and that inf goes in with the rest of your information. This may then trigger follow up calls if your answers indicate you hav an incipient issue like prediabetes.

Your employer should never see any data tying you to specific health treatment. HOWEVER. If you work in a very small company and have a known health issue that runs up a big claim, your employer can probably figure that out.

The skeevy thing that can happen in smaller companies is this: company wants to go with Insurer X. X gets copies of claims data over last few years to come up with a fee. X says sorry, you have these giant expensive chronic care claims, we can't give you a good rate. Unscrupulous employers might then consider firing people they know have large claims to get the better rate.

Absent that, your risks are low.
posted by emjaybee at 6:09 PM on October 25, 2012


« Older Please help me get this flea problem solved   |   Doc, it hurts when I do this... Newer »
This thread is closed to new comments.