All Eyes on Your BMI, and That's Just the Least of It

For those of you who feel content that your chronic illness and/or health information is safe from the prying eyes of employers thanks to so-called privacy laws such as HIPAA, I have bad news for you. The truth is if your employer is self-insured, and many large employers are, the administrators of your health plan (executive level employees in your company) have access to the most sensitive information in your medical file due to a loophole giving carte-blanche access to plan administrators. Nothing is safe, and I should know since I worked on a corporate account for a private insurance company where a team of nurses was purchased along with the insurer’s administrative services basically to keep tabs on employees.

Now, in all fairness, the nurse team’s function was supposed to be all about health promotion and case management with the intention of cost-containment, not an unreasonable goal. The nurse team would telephone all plan members who were hospitalized or received services requiring preauthorization (e.g., elective surgeries, home health services, and durable medical equipment), again with the well-meaning goal of preventing readmission due to lapses in care or to ensure network compliance, both of which have been shown to dramatically decrease healthcare costs to the employer and in the long-term, for employees by reducing or at least steadying premiums. The team would also contact a list of plan members who had been identified via claims data as having certain “high-dollar” or “at risk” diagnoses, multiple hospital admissions, and variations in ancillary services, such as extensive physical or occupational therapy visits or other outpatient services. The most crucial list of people to contact were those poor souls unlucky enough to appear on the quarterly “high-dollar” claims list, meaning they exceeded an employer-set threshold and thus, required investigation.

Some might contend that it’s perfectly reasonable for an employer footing the monstrous bills of its employees to want to know what’s going on with them, namely how come these people are costing so much and what can be done to stop the bleeding. I can tell you that the answer is usually “nothing,” as a significant number of these individuals will likely be dead by the next quarter or are so acutely ill they require the most expensive treatment regimens (e.g., transplants, premature births, and lengthy intensive care stays). The problem comes in when a nurse team is directed to collect incidental information, such as one’s height and weight (enabling calculation of the fated BMI), lifestyle habits (namely smoking and alcohol use), and use of certain medications like antidepressants and enter it into an electronic health record that is made available to the employer’s plan administrators. This data doesn’t pose a problem in aggregate, but where I’ve seen it potentially blow employees’ cover and rip their privacy to shreds is when a plan member appears on one of the aforementioned trigger lists.

The plan administrators can pore over this individual information when assessing a high-dollar claim, and despite measures to conceal demographic information, I can attest that it’s not too difficult to decipher a member’s identity, and if this member has been particularly forthright and chatty with the nurse team, the employer has an even more complete picture of their “ill” health status. Of course, the information is supposed to be held in strict confidence, but when the plan administrators are your colleagues, there are far weightier issues at stake, such as job security and the potential for any number of discriminatory practices (e.g., denial of promotions, vacation/sick time, future benefits). Who’s to say your information won’t be leaked to your immediate supervisor, who then might become much more thorough in scrutinizing your job performance and presenteeism. I’ve been privy to many a conversation among plan administrators lamenting the number of sick employees on the payroll and how to avoid employing such people. The issue makes me squirm, and I’m in good health. Here’s hoping I remain so.

How do you keep your medical information secure from your employer’s prying eyes? First, be aware that self-insured employers have access to claims data, and whenever you consent to treatment that will be paid by your insurance company, you give consent for the treating provider to release all medical information necessary to get the claim paid. There’s nothing you can do to secure this information other than pay out of pocket in full for all of your healthcare costs, essentially going without insurance. However, what you can do is:

1) Keep mum when the nurse calls unless you have a compelling need for case management (i.e., you need complex care coordination among multiple providers or need a contact person for healthcare providers seeking preauthorization for urgent services). Be wary of courtesy or so-called health promotion calls where the nurse asks you seemingly innocuous questions about your health habits and offers wellness programs or incentives sponsored by your organization in exchange for your information. The truth is if the insurance company who employs the nurses really needed the information they were seeking to pay a claim, they would request it from the health care provider, not you. And, you can get information on employer-sponsored wellness incentives by contacting your human resources department directly or by actually reviewing your annual benefit enrollment information. There is some value in reading this document! When the phone rings, simply state that you don’t wish to discuss your healthcare information.

2) Avoid soliciting your employer’s help with a medical claim issue unless your condition really warrants it. When you ask your self-insured employer to become an intermediary between you and the insurance company, you essentially lay your health history bare. Be certain the care you’re seeking is worth the leverage your employer now enjoys by having your critical information. I was amazed at the random, copious, and often irrelevant medical information plan members divulged to their employers in written form in a desperate attempt to get their claims paid, many of which were for relatively small amounts.

3) Opt out of employer-sponsored wellness programs that require you to complete medical history or health questionnaires as a condition of participation. These programs are becoming increasingly popular with employers seeking to reduce healthcare costs. They give financial incentives, usually discounted premiums or gift certificates for health-related products and services. The rub is that the incentives are more often than not a pittance compared to what you have to give up—your medical privacy! Again, you have to decide if a $4 discount on your biweekly premium (in my individual case) or a $25 gift certificate is a fair exchange for your critical health information.

The last tip is probably the hardest for employees to resist because they so rarely get any “carrots” from their employers, and after all, it’s all in the name of health promotion, right? Umm, yes and no. Of course, employers recognize that a healthier workforce will reduce costs, and they give great lip-service to the health promotion/preventative care paradigm, but they fail to implement long-term, holistic solutions. I’ll discuss this issue in greater detail in a future post. For now, beware to whom you bare your healthcare stats, especially that nice nurse on the phone. She’s not just calling out of the goodness of her heart. She’s calling to check on yours, and she’s taking names.