Serving Clients Nationwide. Call us at 608-579-1267


The EEOC Rules and Your Wellness Portal

Posted by Barbara J. Zabawa | Dec 16, 2016 | 0 Comments

Many workplace wellness programs use a wellness portal that participants use to provide health information through a health risk assessment, learn healthy living tips, track fitness or nutrition progress, among other things.  These wellness portals are not immune from complying with laws governing the collection, storage, use and disclosure of participant health information.  Owners of wellness portals must be aware of requirements under HIPAA, the FTC Act, the Americans with Disabilities Act (ADA) and the Genetic Information Nondiscrimination Act (GINA), for example.

In May 2016, the Equal Employment Opportunity Commission (EEOC) issued final rules under the ADA and GINA that impact wellness portals.  The ADA requires wellness programs that collect health information, regardless of whether there are any incentives, to provide participants with a notice.  The notice must be understandable, describe the type of medical information that will be obtained, the specific purposes for which the information will be used, and describe how the employer will protect that health information from improper disclosure. The EEOC issued a sample notice, which can be found here.  Importantly, this notice must be provided before the participant reveals their health information through the portal.  That means that the portal must have a mechanism in place to ensure that the participant sees the notice.  This might be through a pop-up window that the participant must read before moving into the portal services and offerings.

Similarly, the GINA rules require an “authorization” for the collection of “genetic information.”  The final GINA rules now permit wellness programs to incentivize employee spouses to disclose the spouse's manifestation of disease or disorder information.  Such information is considered “genetic information” and may be collected through a spouse completing a health risk assessment on the wellness portal.  Before the spouse can disclose that information, however, the spouse must provide “prior, knowing, voluntary and written authorization.”  The authorization form must also describe the confidentiality protections and restrictions on the disclosure of genetic information. 

For wellness portals, this prior, knowing, voluntary and written authorization may need to take the form of a pop-up window that the wellness participant actively acknowledges seeing and reading, perhaps through an electronic signature, before revealing their manifestation of disease or disorder information through the portal.  The Center for Health and Wellness Law, LLC has helped clients navigate how to address these requirements through wellness portals.

One other item of note for wellness portals under the EEOC rules:  portals should not just be about collecting health information.  The portal must offer meaningful follow-up to the participants in order to meet the ADA and GINA requirements that the wellness program be “reasonably designed to promote health and prevent disease.”  The EEOC rules state that the program must provide results, follow-up information or advice in order to be reasonably designed to promote health or prevent disease.  The Center for Health and Wellness Law, LLC can help ensure your portal is in compliance.  Please contact our firm to assist with your wellness compliance needs. 

About the Author

Barbara J. Zabawa

Barbara is lead author of the book Rule the Rules on Workplace Wellness Programs, published by the American Bar Association. She is a frequent writer and speaker on health and wellness law topics, having presented for national organizations such as WELCOA, National Wellness Institute, HPLive, Healthstat University and HERO. Barbara J. Zabawa is a Clinical Assistant Professor for the University of Wisconsin Milwaukee College of Health Sciences, Department of Health Services Administration where she teaches graduate and undergraduate courses in health law and compliance, US health care delivery and health professions career development. Barbara also owns the Center for Health and Wellness Law, LLC a law firm dedicated to improving legal access and compliance for the health and wellness industries.  Before graduating with honors from the University of Wisconsin Law School, she obtained an MPH degree from the University of Michigan. Immediately prior to starting her own firm, she was Associate General Counsel and HIPAA Privacy Officer for a large health insurer where she advised on Affordable Care Act matters. She was also a shareholder and Health Law Team Leader at a large Wisconsin law firm. Barbara serves health and wellness professionals and organizations across the country as an advocate, a transactional lawyer and a compliance resource. Her commitment to improving health and wellness also shows through her community service. Barbara founded the Wellness Compliance Institute, a nonprofit organization that seeks to improve wellness program and activity compliance. She also is a Board Member for the Rogers Memorial Hospital Foundation, a health care organization that specializes in treating mental illness and she chairs the State Bar of Wisconsin Health Law Section. Barbara is licensed to practice law in both Wisconsin and New York.


There are no comments for this post. Be the first and Add your Comment below.

Leave a Comment

Make Compliance a Selling Point

You work hard to differentiate yourself from the pack. The Center can help. The Center offers compliance evaluations and support to give you and your clients confidence in the services you provide. Backing up your health or wellness services with the Center's expertise in health and wellness compliance can enhance the credibility and effectiveness of your health or wellness service. Contact us today. We would love to be your legal partner!

Contact Us

Fill out the form on this page or call us at 608.579.1267