Tag Archives: gina

Dissecting Landmark Decision on Wellness

This is a follow-up to the announcement and “back story” of the Dec. 21 wellness decision in AARP vs. EEOC, a decision that could severely curtail incentives and penalties…and that could, to paraphrase the most memorable G-rated words ever spoken by Bill Clinton, end wellness as we know it.

That’s the bad news. The good news is that this decision may actually be a windfall for employers with wellness programs that use heavy incentives.

Q: What just happened?

AARP just won a very favorable district court ruling against the Equal Employment Opportunity Commission (EEOC), the agency charged with enforcing the Americans with Disabilities Act (ADA) and the Genetic Information Non-Discrimination Act (GINA). The full decision is here.

Q: How is this different from the previous ruling in AARP v. EEOC?

The original ruling, though in favor of AARP, gave EEOC more than three years to amend its rules to redefine “voluntary” to match the dictionary definition. The new ruling gives one year both for the EEOC to write the rules and for employers to implement the rules, and makes clear what is expected of them. Here  is the key to why this decision should stick:

The government can’t define “voluntary” to include fines of $2,000 or more for non-compliance if it also requires a “mandate” — the opposite of a voluntary option — that carries only a $695 penalty for non-compliance. A voluntary option can’t include remotely as high a penalty for non-compliance as a mandatory requirement, especially in the very same law.

See also: A Wellness Program Everyone Can Love  

Q: What will remain as of January 2019 that employers can require subject to forfeitures?

It is still OK to offer medical screenings and HRAs (collectively, “medical exams”) OR dangle incentives or fines (collectively “forfeitures”), just as it is today. The difference is that the programs involving required forfeitures can’t also require medical exams, which both the ADA and GINA say can only be “voluntary.” The court ruled that you can’t force employees to undergo “voluntary” exams by dangling or threatening to withhold large sums of money.

So you can still require employee forfeitures up to 30% (50% for smokers), and you can still offer medical exams. You just can’t combine the two. That’s because, in order for a wellness program to fall under ADA and GINA in the first place, medical exams must be involved. So, for example, requiring employees to either do screening or do Quizzify is still allowed.

Q: Does this cover screenings only, or are programs that combine annual physicals and forfeitures also affected?

A: If the results of the latter are not shared with the employer,  it appears that they may still be require-able. A better question is why an employer would want to require them. First, they lose money.  Second, they don’t appear to benefit employees, either. The New England Journal of Medicine, the Journal of the American Medical Association, Choosing Wisely and Consumer Reports (and also Slate) have all looked at the data and concluded that for most people annual physicals confer no net health benefit, meaning even if they were free they would be worthless. (People who have continuing health issues should, of course, see their doctor regularly. Those would not be considered checkups under this definition.)

Logically and intuitively, this conclusion would appear to be especially true when employees submit to those physicals under duress. Quizzify — and this question, like most Quizzify questions, carries the Harvard Medical School (HMS) shield — recommends two checkups in one’s twenties, three in one’s thirties, four in one’s forties, five in one’s fifties and for most people annually after that. However, this is also Quizzify’s most edited-out Q&A, as some employers nonetheless want even healthy employees to get physicals every year, and Quizzify respects that choice (though a customized question advocating it could not carry the HMS shield).

Q: These Q&As seem very Quizzify-centric.

A: That’s not a question, but I’ll answer it anyway. There are two reasons for that:

  1. We know of no other vendor that solves the problem and guarantees the solution, with EEOC indemnification. Quizzify was both conceived and designed in anticipation that this court decision would happen someday. (I just didn’t expect it to happen four days before Christmas, which meant a lot of my cousins got gift cards instead of ugly sweaters.) All my exposes on the wellness industry led me to conclude that conventional “wellness or else” (as Jon Robison calls it) could never survive a court challenge…and I designed a product specifically to allow employers to address that challenge immediately and completely.
  2. Those of you familiar with my work know I have only three talents in life: wellness outcomes measurement, employee health literacy/consumerism education and self-promotion.

Your vendor, Quizzify or not, should offer something like this right on their website. If they do, you’re safe:

Q: What other analyses should we be looking at?

The best is The Incidental Economist. AARP hasn’t released a formal statement, but its informal back story can be found at the bottom of this posting.

Q: So what should we do about it?

Simply add the option of taking Quizzify quizzes to the option of HRAs/screenings. That one-step fix is guaranteed and indemnified to solve your legal issues. It will also save money both up front (a year of Quizzify costs much less than a single screening) and down the road, because wiser employees make healthier decisions…and healthier decisions save money. Employees also like playing trivia more than they like being browbeaten into promising to eat more broccoli.

If your vendor refuses to add Quizzify via a “single sign on” and you don’t want to add it separately, you can fire the vendor (we can help you do that — if the vendor shows a positive ROI it means their outcomes are fabricated, which we can easily demonstrate) and replace them with one that will, of which there are more to choose from every week.

Q: What happens next?

A: The EEOC needs to rewrite the rules to comply with this decision by making new rules — and needs to do it in 2018 so that they can be adopted and implemented by employers by January 2019. The definition of “voluntary” will be a line-drawing exercise. Likely, gift cards and small incentives will be considered “voluntary.” If your incentive falls within whatever cap they decide upon already, you’re fine, with or without Quizzify.

Q: Is this is last word?

A: No.  First, the final rules have yet to be written. The rules then have to be approved by the district court.

Along with that uncertainty are two others. The EEOC could appeal, because these days it tends to oppose employee rights, rather than support them. However, the DC Appellate Circuit, led by Merrick Garland, would likely not be favorably disposed toward arguments that require, for example, defining “involuntary” as “voluntary,”  especially when the court will know that even award-winning vendors harm employees, vendors flout guidelines and screen the stuffing out of employees and give incorrect advice, creating further harms, and that the industry itself is rife with corruption, starting at the top. (I published my last paper in a medical-legal journal rather than a clinical journal specifically in anticipation that it might be the basis for an amicus curiae brief specifically in a situation like this.)

See also: Should Wellness Carry a Warning Label?  

In an unregulated, employee emptor environment like this, voluntary fines collected by shareholders from employees wanting to protect themselves from the harms above should not exceed fines set as penalties for a mandate, and paid into a pool to create an insurance product. (That the mandate is going away is not relevant — it’s the fact the government has two words with opposite meanings that have inverse fines.)

Alternatively, an Act of Congress could gut GINA. The American Benefits Council could try to convince the legislators their colleagues contribute heavily to, like Virginia Foxx (R-NC5), to push HR1313, for example. HR1313 is arguably the worst bill of any type ever to clear a congressional committee, in that nobody benefits from it (other than DNA collection vendors, for whom it would be a windfall), but the ABC has already demonstrated its disregard for the best interest of its own members by browbeating Rep. Foxx into proposing that bill in the first place. The ABC is down, but not out…and, as this video shows, being down but not out can cloud one’s judgment.

However, because quite literally none of her constituents are helped by this bill and most of them in both parties detest it, Foxx may decide to disappoint her corporate overlords on this one, especially because it’s an election year.

Q: How is HR1313 (or a bill like it) that ABC might propose on behalf of its members (large employers) not in “the best interest of its own members”?

A: Many employers have finally figured out that even their own vendors know wellness loses money, and that incentives generally don’t change behavior because employees revert to their old behaviors once the incentive ends. (Incentives do work for Quizzify-type programs, because, as you’ll see for yourself if you take the quiz, once you pay an employee to know things, she can’t un-know them. Pay an employee to learn that CT scans are full of radiation once, and he will stop demanding unnecessary CT scans forever.)

However, employers are stuck with these huge incentives now, which some employees expect annually. This rewrite of the “voluntary” rules, likely capping incentives in the low three figures, will allow employers to spend much less on incentives…and blame the government. (Obviously, we hope they maintain the incentives and instead just offer the Quizzify alternative. This will also save money due to Quizzify’s low price and a much-reduced number of employees having to follow up on false positives.)

If ABC were to be successful in gutting GINA and allowing financially coercive wellness programs to continue unabated, employers would still have to fork over large incentives.

Navigating EEOC and Labor Department

Trends in 2013 suggest that the Equal Employment Opportunity Commission is stepping up litigation, potentially involving large dollars.

Recoveries by the EEOC were $39 million in 2013, slightly down from the $44 million recovered in 2012, but 2013 featured some high-profile cases. In 2014, the focus is likely to be on the Americans with Disabilities Act (ADA) and on the Genetic Information Nondiscrimination Act (GINA).

Even though GINA has been in effect since 2009, it wasn’t until 2013 that the EEOC filed its first lawsuit alleging genetic discrimination. The suit, against Tulsa-based Fabricut (Civil Case No: 13-CV-248-CVE-PJC), alleged the company violated the ADA by refusing to hire a woman because it regarded her as having carpal tunnel syndrome and violated GINA when it asked for her family medical history in a post-offer medical examination. Employers need to be very aware that GINA prohibits requesting family medical history, even with a contract medical provider during a post-offer examination. In May 2013, Fabricut agreed to settle the suit for $50,000 and to take specific actions to prevent future discrimination.

Just nine days into 2014, the EEOC settled its first systemic lawsuit alleging GINA violations, for $370,000. According to the complaint (EEOC v Founders Pavilion Inc. No 13- CV-06250), Founders Pavilion conducted post-offer, pre-employment medical exams and asked applicants to provide information about their family medical history. The suit also alleged that Founders Pavilion: fired an employee after refusing to provide her with an accommodation, a violation of the ADA; refused to hire two women because of a perceived disability; and either refused to hire or fired three women because they were pregnant.

It appears that there will be a major focus in 2014 on ADA and GINA violations –- which go hand in hand. Note that the trend in EEOC litigation regarding ADA claims has shifted from disability to a focus on an employer’s obligation to provide reasonable accommodations.

For federal contractors, the key question in 2014 is: “Are you disabled?” The Labor Department issued new rules that will require federal contractors with 50 or more employees or with more than $50,000 in government work to pose that question to workers, in an effort to reduce the ever-increasing jobless rate of people with disabilities. Employees aren’t required to answer the question, but federal contractors will have to show that at least 7% of their workforce has disabilities or will face fines and potential loss of contracts.

Although the ADA does not allow employers to inquire about disability, the EEOC has made an exception so employers can comply with the Labor mandate. But lots of issues will arise. Do employees want their bosses to perceive them as disabled? Will more employees qualify as disabled with the broader definition of disability enacted with the 2008 amendment to the ADA? What will happen to reasonable accommodations, given that the exception that allows employers to ask about disabilities doesn’t appear to then allow a disabled individual to ask for a reasonable accommodation? 2014 will certainly be interesting!

While we wait to see what shakes out, there are some practices and employer can follow.

Relative to GINA, it is important for employers to know that the new regulations provide a quasi-safe harbor to employers who have inadvertently received genetic information when that information was not sought. The EEOC suggests that the employer use the following language on any requests for medical information:

“The Genetic Information Nondiscrimination Act of 2008 (GINA) prohibits employers and other entities covered by GINA Title II from requesting or requiring genetic information of an individual or family member of the individual, except as specifically allowed by this law. To comply with this law, we are asking that you not provide any genetic information when responding to this request for medical information. ‘Genetic information’ as defined by GINA includes an individual’s family medical history, the results of an individual’s or family member’s genetic tests, the fact that an individual or an individual’s family member sought or received genetic services, and genetic information of a fetus carried by an individual or an individual’s family member or an embryo lawfully held by an individual or family member receiving assistive reproductive services.”

Relative to reasonable accommodations, employers are being urged by the EEOC to accept a doctor’s work release even if it has restrictions. Employers are also being urged to document entering into the interactive process if the reasonable accommodation is not straightforward or if the employer cannot meet the physician’s restrictions.

Although an employer may not ask disability-related questions or conduct a medical exam of an applicant until after making a conditional offer of employment, an employer may condition employment on the results of a medical examination or inquiries so long as all employees in a classification are subject to the same testing and or inquires and so long as the testing does not infringe on GINA. In addition, post-offer examinations may not be used to discriminate against individuals with disabilities. The testing must also be job-related and consistent with business necessity and evaluate some of the essential functions of the job. Furthermore, these tests cannot discriminate against a certain class. For example, they cannot be unduly difficult for a woman.

According to the ADA, the term “discriminate” includes an employer’s failure to make reasonable accommodations. The applicant should be provided the criteria for passing the test, based on the job description. It is very important for the employer to enter into the interactive process if performance of the essential job functions cannot be met.

Baseline testing — a tool that can assist employers in managing employees’ injuries by establishing if the injury arose out of the course and scope of employment — must follow the same guidelines as a post-offer test. Baseline testing must be conducted for all individuals in a classification, must be consistent with business necessity, cannot discriminate against a certain class and must evaluate some of the essential functions of the job. Baseline testing differs from post-offer testing in that it is usually not read until a work-related incident occurs.

2014 might be a trying time for employers, but the best defense for an employer is to be prepared.

Restated HIPAA Regulations Require Health Plans To Tighten Privacy Policies And Practices

Health plans, their insurers, employer and other sponsors, and business associates have work to do. Health care providers, health plans, health care clearinghouses and their business associates will need to review and update their policies and practices for handling and disclosing personally identifiable health care information (“PHI”) in response to the omnibus restatement of the Department of Health & Human Services (“HHS”) Office of Civil Rights (“OCR”) of its regulations (the ” 2013 Regulations”) implementing the Privacy and Security Rules under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Rulemaking announced January 17, 2013 may be viewed here.

Since 2003, HIPAA generally has required that health care providers, health plans, health care clearinghouses and their business associates (“Covered Entities”) restrict and safeguard individually identifiable health care information (“PHI”) of individuals and afford other protections to individuals that are the subject of that information. The 2013 Regulations published today complete the implementation of changes to HIPAA that Congress enacted when it passed the Health Information Technology for Economic and Clinical Health (HITECH) Act in 2009 as well as make other changes to the prior regulations that the Office of Civil Rights found desirable based on its experience administering and enforcing the law over the past decade.

Since passage of the HITECH Act, Office of Civil Rights officials have warned Covered Entities to expect an omnibus restatement of its original regulations. While the Office of Civil Rights had issued certain regulations implementing some of the HITECH Act changes, it waited to publish certain regulations necessary to implement other HITECH Act changes until it could complete a more comprehensive restatement of its previously published HIPAA regulations to reflect both the HITECH Act amendments and other refinements to its HIPAA Rules. The 2013 Regulations published today fulfill that promise by restating the Office of Civil Rights' HIPAA Regulations to reflect the HITECH Act Amendments and other changes and clarifications to OCR's interpretation and enforcement of HIPAA.

Highlights Of Changes
Among other things, the 2013 Regulations:

  • revise the Office of Civil Rights' HIPAA regulations to reflect the HITECH Act's amendment of HIPAA to add the contractors and subcontractors of health plans, health care providers and health care clearinghouses that qualify as business associates to the parties directly responsible for complying with and subject to HIPAA's civil and criminal penalties for violating HIPAA's Privacy, Security, and Breach Notification rules;
  • update previous interim regulations implementing HITECH Act breach notification rules that require Covered Entities including business associates to give specific notifications to individuals whose personally identifiable health care information is breached, the Department of Health & Human Services and in some cases, the media when a breach of unsecured information happens;
  • update interim enforcement guidance the Office of Civil Rights previously published to implement increased penalties and other changes to HIPAA's civil and criminal sanctions enacted by the HITECH Act
  • implement HITECH Act amendments to HIPAA that tighten the conditions under which Covered Entities are allowed to use or disclose personally identifiable health care information for marketing and fundraising purposes and prohibit Covered Entities from selling an individual's health information without getting the individual's authorization in the manner required by the 2013 Regulations;
  • update the Office of Civil Rights' rules about the individual rights that HIPAA requires that Covered Entities afford to individuals who are the subject of personally identifiable health care information used or possessed by a Covered Entity to reflect tightened requirements enacted by the HITECH Act that allow individuals to order their health care provider not to share information about their treatment with health plans when the individual pays cash for the care and to clarify that individuals can require Covered Entities to provide electronic personally identifiable health care information in electronic form;
  • revise the regulations to reflect amendments to HIPAA made as part of the Genetic Information Nondiscrimination Act of 2008 (GINA) which added genetic information to the definition of personally identifiable health care information protected under the HIPAA Privacy Rule and prohibits health plans from using or disclosing genetic information for underwriting purposes; and
  • clarifies and revises other provisions to reflect other interpretations and information guidance that the Office of Civil Rights has issued since HIPAA was passed and to make certain other changes that the Office of Civil Rights found appropriate based on its experience administering and enforcing the rules.

Covered Entities And Business Associates Must Act To Review And Update Policies And Practices
The restated rules in the 2013 Regulations make it imperative that Covered Entities review the revised rules carefully and updated their policies, practices, business associate agreements, training and documentation to comply with the updated requirements and other enforcement and liability risks. The Office of Civil Rights, even prior to the regulations, has aggressively investigated and enforced the HIPAA requirements.

The commitment of the Office of Civil Rights to enforcement most recently was demonstrated by its recent settlement with Hospice of North Idaho (HONI). On January 2, 2013, the Office of Civil Rights announced that the Hospice of North Idaho will pay the Office of Civil Rights $50,000 to settle potential HIPAA violations that occurred in connection with the theft of an unencrypted laptop computer containing electronic personally identifiable health care information. The Hospice of North Idaho settlement is the first settlement involving a breach of electronic personally identifiable health care information affecting fewer than 500 individuals.

While the Hospice of North Idaho settlement marks the first settlement on a small breach, this is not the first time the Office of Civil Rights has sought sanctions against a covered entity for data breaches involving the loss or theft of unencrypted data on a laptop, storage device or other computer device. Rather, the Office of Civil Rights continues to roll out a growing list of enforcement actions demonstrating that the potential risks of HIPAA violations are significant and growing. See also:

Coupled with statements by the Office of Civil Rights about its intolerance, the Hospice of North Idaho and other settlements provide a strong warning to covered entities of the need to carefully and appropriately manage their HIPAA encryption and other Privacy and Security responsibilities. Covered entities are urged to heed these warning by strengthening their HIPAA compliance and adopting other suitable safeguards to minimize HIPAA exposures.

In response to the 2013 Regulations and these expanding exposures, all Covered Entities should review critically and carefully the adequacy of their current HIPAA Privacy and Security compliance policies, monitoring, training, breach notification and other practices taking into consideration the Office of Civil Rights' investigation and enforcement actions, emerging litigation and other enforcement data, their own and reports of other security and privacy breaches and near misses, and other developments to decide if additional steps are necessary or advisable.