EEOC Final Rules Clarify Position on Incentives and Data Security
by Seth Golbe
Recently, the Equal Opportunity Employment Commission (EEOC) released a final rule amending regulations and interpretations of implementing Title I of the Americans with Disabilities Act (ADA). The final rules were released May 17, 2016, over a year after a notice of proposed rulemaking was issued on April 20, 2015. This new rule allows employers to offer “limited financial and other incentives” if the employee in turn answers “disability-related questions” like completing a health risk assessment or receives a medical examination as part of a wellness program regardless if the program is part of a health plan.
Prior to this rule being issued, the EEOC’s regulations on the ADA allowed employers to “make inquiries and conduct medical examinations that are part of a voluntary health program” but did not provide any definition of the terms “voluntary” nor “health program.” Furthermore, the old regulations failed to address the status of wellness incentives under the ADA.
With wellness rules from HIPAA, the ACA, the DOL, HHS and now the EEOC, wading through the alphabet soup of wellness regulations can quickly become confusing. The EEOC attempts to remain consistent with HIPAA and ACA rules surrounding incentives, but also wants to ensure incentives do not become “coercive”. There are also regulations consistent with the ADA, namely the limits to disability-related questions and exams pertaining to wellness programs — regardless of the how the data will be used — in both participatory and health contingent based programs. This ruling also defines incentives as including financial and “in-kind” rewards including premium reductions, “trinket” gifts, cash and time off.
The new rule also provides several requirements outlining what an employer can do to ensure their program is voluntary. Employers are forbidden from requiring employee participation, cannot deny an employee who does not participate in a wellness program access to coverage or bar them from choosing a specific plan and cannot retaliate or take action again an employee who decides not to join or who fails to reach certain health outcomes. Employers must also provide a notice explaining what health information they plan to obtain, how they will use it, who will see it and the disclosure restrictions.
Confidentially and data security are featured later in the ruling with two new requirements. The first mandates covered entities can only receive aggregated and anonymized health data, expect as necessary to administer the health plan. The second forbids employers from requiring employees to agree to the “sale, exchange, sharing, transfer, or other disclosure of medical information, or to waive confidentiality protections under the ADA” as a condition to participation in the wellness program or to receiving an incentive. These additions come as a welcome relief to the many Americans who want to ensure their private health information stays secure.
These new rules go into effect May 17, 2016; but are applicable as of the first day of the first plan year that begins on or after January 1, 2017.
This ruling comes out the same day as another EEOC ruling concerning Title II of the Genetic Information Nondiscrimination Act (GINA), which ruled that employers can offer incentives to employee’s spouses who participate in the program.