More and more companies today are offering health and wellness programs for their workers. In fact, a recent report published by the Society for Human Resource Management found that more than two-thirds of all U.S. employers offer them. Of course, there's a good reason for this trend: encouraging workers to take a proactive approach towards their health improves productivity while simultaneously reducing sick days.
But many health and wellness programs fail to comply with the Health Insurance Portability and Accountability Act (HIPAA) of 1996, placing the respective company at risk for fines or other penalties handed down by the Office for Civil Rights (OCR). Just because the company isn't a healthcare practice doesn't necessarily mean that it's immune to HIPAA-related fines. If the company accesses, stores or maintains the Protected Health Information (PHI) of its workers, which is common with health and wellness programs, it may be viewed as a corporate entity; thus, it must abide by the HIPAA Security, Privacy, and Breach Notification Rules.
One company that DOES have a HIPAA-compliant health and wellness program is Fitbit – yes, the same Fitbit that makes the popular fitness tracking wristwatch. The national retailer Target, Fitbit's latest client, announced that all of its 335,000 employees would be receiving a Fitbit device in the upcoming weeks.
Fitbit Wellness isn't a new concept, however. On the contrary, it's been around since the company's early days. Up until recently, though, it's been a relatively small part of the company. As companies begin to seek new solutions to improve the health and well-being of their employees, Fitbit Wellness continues to grow.
So, how was Fitbit able to make its health and wellness program compliant with HIPAA? Amy Donough confirmed that Fitbit reached out to a third-party agency to seek a voluntary audit. This is in stark contrast to the way most companies operate: they wait until the OCR conducts an audit before addressing any potential HIPAA violations.
“We have gone through a third-party audit and we are now HIPAA compliant as an organization,” said Amy Donough, Fitbit Wellness Vice President and General Manager, in an interview with MobiHealthNews. “So we complied with the HIPAA safeguards, which are the best practices. And what that enables us to do is, with our Fitbit Wellness customers, we will be able to sign business associate agreements, and work with covered entities, so those are primarily self-insured employers, health plans, and corporate wellness organizations. We’ll be able to more deeply integrate and partner with some of these organizations to be able to have more effective and more engaging wellness programs.”