Healthcare Information Security


Is PHI Security Strong Enough in the Workplace?

By Elizabeth Snell

Workplace wellness programs are on the rise, but does that mean that PHI security is being put at risk?

PHI security is often an issue relegated to healthcare providers and insurers. However, as health and wellness programs increase in popularity in the working world, more employers are beginning to ask for employees’ PHI. This creates a whole new privacy and security issue: should employers have access to workers’ PHI?

Wendy Schobert filed a complaint against her former employer, Orion Energy Systems, Inc. after the organization wanted to collect medical information on its employees for the company wellness program. Schobert explained to Bloomberg that if she did not participate, then she would have to pay the full $5,000 of her health insurance.

According to an August statement from the US Equal Employment Opportunity Commission (EEOC), Orion fired Schobert after she objected to the company program. Moreover, EEOC filed a lawsuit against Orion, stating that the wellness program violated the Americans with Disabilities Act (ADA) as it was applied to Schobert.

“Employers certainly may have voluntary wellness programs – there’s no dispute about that and many see such programs as a positive development,” John Hendrickson, regional attorney for the EEOC Chicago district, said in the release. “But they have to actually be voluntary. They can’t compel participation by imposing enormous penalties such as shifting 100 percent of the premium cost for health benefits onto the back of the employee or by just firing the employee who chooses not to participate.”

Hendrickson added that employees should not have to choose between giving their health information for a wellness program and being fired.

With the recent Sony Corp. hack, employees’ PHI security has also come under scrutiny. The cybersecurity breach released some workers’ medical information, along with that of their families. Two former Sony employees are suing the company, claiming that the organization knew that its computer systems were not properly secure, according to CNET.

However, it seems that employee wellness programs are becoming more common. The EEOC filing cited data from the Kaiser Family Foundation, which said that 94 percent of employers with over 200 workers offer some type of wellness program. Moreover, 63 percent of smaller organizations also offer a similar option.

According to a Towers Watson survey, 84 percent of US employers said they plan to increase or significantly increase support of health and productivity programs over the next two years. Additionally, seven in 10 respondents stated that developing a workplace culture where employees are responsible for their health is a top priority of their health and productivity programs. Employers are increasing the use of financial incentives and penalties to hold workers more accountable and improve health outcomes, the survey found.

While organizations across the nation want to improve their employees’ health, it will be crucial for them to tread carefully and maintain strong network protection. PHI security is essential in preventing medical identity theft. While a typical working environment is not bound by HIPAA laws, there are other privacy, security, or basic human rights violations that could be overlooked.

