A person touching a fitness tracker on their wrist.

Workplace wellness programs—promoted as a way to foster healthy behavior and encourage preventive care—are having a moment.

Last year, 82 percent of larger companies (those with 200 employees or more) and 53 percent of smaller ones offered some type of wellness program, according to the Kaiser Foundation’s annual survey of workplace benefits. By some estimates, workplace wellness is an $8 billion industry.

And having access to a wellness program at work—one that may help you lose weight, get in shape, quit smoking, or otherwise improve your health—sounds like a welcome benefit. Especially if it comes with financial enticements, such as gift cards, merchandise like fitness trackers, cash, contributions to health-related savings accounts, or a discount on your health insurance. The 2016 Kaiser workplace benefits survey found that 42 percent of large firms with wellness programs offered employees a financial enticement to participate in or complete the program.

More on Medical Privacy

Some companies offer lunchtime walking groups and on-site exercise or nutrition classes. They may also provide employees with wearable fitness trackers to record information such as daily steps and hours of sleep.

Others have more extensive offerings and come with comprehensive health questionnaires that ask about your lifestyle habits, physical and mental health, reproductive plans, and family medical history. They may also offer screenings to measure your blood pressure, blood sugar, body mass index (BMI), and cholesterol. Some even feature genetic testing.

But are these get-healthier programs as good for you as they sound? The answer isn’t so simple. Research on their ability to improve well-being has had mixed results over the years. Plus, participating often means sharing personal health information or having to meet specific health or fitness goals.

And “there are definitely privacy concerns,” says Pam Dixon, executive director of the World Privacy Forum. “There are so many different kinds of wellness programs and different [privacy] laws for different ones. It’s very complex.”

Dena B. Mendelsohn, senior policy counsel for Consumer Reports, says that because of the wide variety of types and operators of wellness programs, the application of these laws is spotty and inconsistent—rendering them inadequate. 

In addition, “one potential problem with wellness programs is they can create an atmosphere in which certain health behaviors or levels of physical performance are expected,” says Anna Kirkland, J.D., Ph.D., a professor of women’s studies at the University of Michigan. “Employees with disabilities or other reasons for not participating might feel discriminated against or not welcome.”

For instance, she notes that if you can’t lose enough weight to achieve a program’s desired BMI goal or you're just too busy to take 10,000 steps a day, you could feel like you’re not the kind of employee the company wants.

Consumer Reports is currently sponsoring a bill in California (AB-648) calling for clear privacy protections—limiting the collection of personal information and prohibiting its sharing, for instance—and other safeguards, such as forbidding employers from requiring participation in wellness programs. 

“Our goal is to make sure privacy rights are consistent across all programs, and to increase transparency so that employees know what data is being collected,” says Mendelsohn. “If workers choose to participate in a wellness program, they should be able to do so without giving up their right to privacy, and without suffering discrimination or financial penalties based on whether or not they participate.”

Before you join a workplace wellness program, it's important to consider the following.

How Do the Privacy Laws for Workplace Wellness Programs Work?

In many cases, wellness programs are run by the health insurance plan an employer offers its employees. But some companies hire outside vendors to set up and oversee their wellness offerings.

And when it comes to your privacy, there’s a big difference. If a program is run through your company’s health insurance plan, what's known as HIPAA (based on the Health Insurance Portability and Accountability Act of 1996) privacy rules apply. (Other federal or state laws may also apply.)

This means that just like your doctor’s office, the health insurance company running the program is legally required to keep your personally identifiable health information—info that can be linked to you or used to identify you—private.

If your company is self-insured (common for larger workplaces) and offers a wellness program through that self-administered health plan, it’s also subject to HIPAA rules. (One exception: if the plan has less than 50 participants.)

But if the program is run by an outside vendor, as many are, HIPAA rules don't apply. “Independent wellness vendors aren’t really regulated at all,” says Dara Smith, an attorney with the AARP Foundation. “You are basically trusting them not to share your health data with your employer.”

In addition, if an independent vendor is running your company’s wellness program, that vendor can legally share or sell your data to advertisers or other companies.

What this might mean: Say, for instance, you noted in your health questionnaire that you’re trying to get pregnant. You may start receiving pop-up ads or email for products like ovulation prediction kits. This is legal but might feel like an invasion of privacy to some.

Will These Programs Help Your Health?

It’s unclear. Many of the studies on workplace wellness have been observational, which means they compare those who choose to participate in a program with those who don’t.

But while these kinds of studies can make associations, they can’t prove that one thing (participating in a wellness program at work) causes another (such as lower cholesterol levels).

Studies where people are randomly assigned either to a wellness program or not may give us better evidence about effectiveness. And a couple of studies have done this recently, including a Harvard Medical School one just published in JAMA, which looked at almost 33,000 employees at BJ’s Wholesale Club over 18 months.

It found that in workplaces with a wellness program, 8.3 percent more employees reported exercising regularly, and 13.6 percent more said they were actively managing their weight. But the research didn’t find any positive effects on health measurements like blood glucose or blood pressure, spending on healthcare, or on absenteeism rates.

There may have been an issue with this research, too. The Harvard study was too short for results to be meaningful, according to Ron Goetzel, Ph.D., vice president at IBM Watson health and a senior scientist at Johns Hopkins Bloomberg School of Public Health. “The time horizon was 18 months, which, historically is not long enough,” he says. “In many of the studies we’ve done, it typically takes three to five years to see an impact on risk reduction, disease incidence, healthcare costs and productivity.”

What About Financial Incentives?

Getting a “bonus” of some kind for taking part in a wellness program seems like a motivating factor. But some experts say that connecting such programs to, say, discounts on insurance muddies the waters of what’s truly voluntary.

“If employees want to participate and share their health information, it has to be a free choice, not a coerced decision,” says Smith of AARP. “If the penalty for not participating is that your health insurance premiums will be higher, employees may feel like they have to share their health information in order to save money.”

What Should You Do?

That depends, in part, on what you’re hoping to achieve. Taking advantage of activity-based offerings like worksite exercise classes or healthy-eating talks has few, if any, downsides. But if you are signing up for any program that involves sharing detailed health information or taking medical tests, or it has a financial incentive tied to the outcome, experts urge caution.

“The first question to ask is whether the program is covered [or a covered entity] under HIPAA,” says Dixon. “And that means ‘covered,’ not just HIPAA-compliant.” The latter isn’t meaningful as a privacy protection, she notes.

Dixon also suggests determining whether the program is activity-based (like yoga or cooking classes) or outcome-based, meaning it uses your data for health risk assessments, tests, or questionnaires. The latter has far more potential to cause privacy problems, she explains.

Be cautious about programs that are competitive, such as workplace "Biggest Loser" type offerings, says Goetzel. “I’m also wary about pure incentive programs, which are becoming much more popular, like those that pay you to lose weight,” he adds. “Money can get your attention, but there’s not a lot of research on how it works long-term to get people to lose weight, quit smoking, or manage stress.”  

It's reasonable to check the program's privacy policies, too, and to know that if you choose to participate, you don’t have to answer every question asked of you or take every test.

And last, the goals and recommendations of a wellness program may not align with your personal healthcare decisions. “If something you’re being asked to achieve in your workplace wellness program is unhealthy in your doctor’s opinion, you shouldn’t be required to do it,” says Kirkland. “Wellness programs should never replace or supersede your doctor’s advice.”