According to final rules issued by the U.S. Equal Employment Opportunity Commission (EEOC) on May 16, employers may offer their employees limited financial incentives or insurance discounts and still remain compliant if the employees provide information about their health as part of a voluntary employer wellness program under existing anti-discrimination laws.

Title I of the Americans with Disabilities Act (ADA) and Title II of the Genetic Information Nondiscrimination Act (GINA) generally prohibit employers from using employees’ health conditions and those of family members and spouses, unless the information is solicited and obtained under a voluntary wellness program. The EEOC’s new rules limit the existing rules by amending GINA regulations and creating new ADA regulations providing that wellness programs are only voluntary so long as employers’ incentives or discounts are not greater than 30% of the cost of self-only coverage.

To ensure voluntariness under the ADA, employers must provide covered employees with a notice that clearly explains:

  • What medical information the employer will obtain.
  • How it will use the information
  • What disclosure restrictions exist.

Employers may have to create a new notice to comply with the ADA if the existing notice describing their wellness program does not already include this information.

The final rules also set forth two requirements under the ADA about confidentiality:

  1. Employers may only receive information collected by a wellness program in the aggregate that does not disclose and is not reasonably likely to disclose specific individuals’ identities, except when individual data is necessary to administer the health plan.
  2. Employers cannot require employees to agree to the sale, exchange, sharing, transfer or other disclosure of their medical or genetic information or to waive confidentiality protections as a condition of wellness plan participation or to receive an incentive.

The final rules go into effect on January 1, 2017, and apply to all employer wellness programs, including those not affiliated with an employer’s health insurance program.

In light of the new rules, employers should:

  • Communicate clear policies about confidentiality.
  • Train employees who handle confidential information.
  • Encrypt health information.
  • Promptly notify employees and their family members if a breach occurs.