ACA, ADA, GINA, HIPAA, EEOC, AARP, GDPR – the acronyms abound and these are just a few you need to be familiar with if you’re the wellness compliance guru at your company. I’ll limit today’s discussion to two of the more recent updates you should be aware of.
General Data Protection Regulation (GDPR)
Basically, the GDPR is a single piece of legislation coming from the European Union (EU) and the United Kingdom (UK) that applies across the EU and UK to protect the very broadly defined personal data of their citizens. The effective date was May 25, 2018. The good news – if you don’t have employees in the EU or the UK, and don’t handle their customer information, this shouldn’t apply to your company – but if you do, you’ll want to learn a lot more about the GDPR than I offer here.
I’m no privacy or data security expert and this is kind of a big deal, so I encourage you to connect with your legal team for the specifics because GDPR could impact your wellness programming. For example, if you’re using an online wellness vendor or offering an employee assistance program (EAP) in the EU and UK, you want to make sure you have a data processing agreement in place and that your vendors have made the necessary enhancements to be compliant.
AARP vs EEOC (re: ADA and GINA)
In contrast, this topic is drawn out and not so clear-cut, and the hurry-up-and-wait is maddening as we draw closer to the deadline, still without wellness regulation guidance for 2019 from the EEOC and with fall enrollment around the corner. I wrote about the Equal Employment Opportunity Commission’s (EEOC) wellness rules in January 2017. Those rules landed back in compliance news after a lawsuit from AARP, which we blogged about earlier this year. And at the end of March, the EEOC announced it had no plans to issue the new court-ordered wellness rules for 2019 (see our compliance update here). Helpful.
Personally, I think it’s better to start planning for next year instead of waiting around for the EEOC. Consider these questions:
- What activities does your wellness program incentivize – and why? If you only provide incentives for health risk assessment (HRA) and biometric screening completion, is it to collect data on your employees? Do you use the data to protect the business from risk or to tailor programming beneficial to your population?
- What would happen if you stopped incentivizing the HRA and health screenings? You’d probably see a decline in participation, which is unfortunate because these are valuable tools for the early detection of health concerns that impact employees and your medical plan. But maybe you’d make more of an impact on employees if you provided incentives for healthy lifestyles.
- What if you offered an incentive for ALL wellness activities? I’ve shifted many of my clients to this model – even before the court case ruling. Why? When you empower employees to truly choose their own wellness path, they are more invested, and that’s what you want for your wellness program!
Yes, navigating compliance and wellness options can be overwhelming, but the resources are there – you just have to ask.