In addition, the ADA also bars employers from making any employ- ment-related decisions based on any disability that is untethered to an employ- ee’s job-related functions. Translated to the fitness tracker context, an employer that terminates an employee after reviewing the employee’s fitness tracker data opens itself up to allegations by the now-former, most-likely-disgruntled worker that their dismissal was based on a disability or perceived disability; even when, in reality, the employment deci- sion was wholly divorced from any issue regarding the employee’s health or any physical/mental condition.
With that said, the ADA does permit employers to implement voluntary medical examinations—including the use of fitness tracking devices—as part of employee health programs.
Practical Compliance Tips & Best Practices
To mitigate the legal liability risks associated with the use of wearable fitness trackers, employers should incorporate the following privacy- and security-focused practices into their employee wellness programs:
• Make the Program Voluntary & Allow the Ability to Opt-Out: Ensure the use of fitness trackers—and the employ- er’s wellness program as whole—is completely voluntary. Allow employees who originally entered into the program to opt-out at any time and without any adverse impact on their employment.
• Notice: In today’s highly digital world, transparency is a must—not only to minimize liability exposure, but to gain and maintain trust with employees. As such, provide workers with clear notice regarding the company’s utilization of fitness trackers as part of its wellness program, including a description of the program, the reason(s) fitness trackers have been included as a core element of the program, the nature of the fitness tracking devices, the health data that will be collected from the devices, who will have access to that data, how that data will be used (and not used), and the measures being taken to safeguard and
secure that data. This notice should be provided to all employees prior to the time any health data is collected, and included in the company’s employee handbook.
• Written Consent: Obtain written consent from all employees who seek to use fitness trackers in conjunction with the employer’s wellness program before any personal data is collected from employees’ or their wearable devices.
• Policies & Procedures for Ensuring Proper Use of Fitness Tracker Health Data: Develop and implement poli- cies and procedures to ensure that the employer, its management, and any third-party service providers prop- erly use any health data generated by employee fitness trackers. All policies should include a strict ban on using any employee health data generated through this technology to make any type of employment-related decision.
• Data Security Measures: Since Internet of Things (“IoT”) devices—which includes wearable fitness trackers—are particularly vulnerable to data breaches, ensure that data security measures are implemented and maintained to safe- guard and secure employee health data. These safeguards should be at least as robust as those utilized by the employer (or its service provider) to protect other types of sensitive personal information.
• Data Retention/Destruction Requirements: Similarly, to limit the compromise of employee health data in the event of a data breach event,
implement data retention and data destruction requirements mandating that employee health data only be retained for the minimum period neces- sary; and further, that it be permanently destroyed immediately after the data is no longer needed for the purpose for which it was originally collected.
As data continues to become more valuable—and as health insurance costs continue to rise—more employers will turn to wearable fitness trackers to both enhance the health of their workers and decrease employee health care costs. But employers must proceed with caution before implementing any employee well- ness program that incorporates the use of fitness trackers to both allay workers’ privacy and security concerns and miti- gate the sizeable legal risks associated with fitness trackers in the workplace. By ensuring privacy and security princi- ples are integrated throughout wellness programs involving the use of fitness trackers, employers can harness the value of fitness trackers in the work- place, while at the same time maintaining legal compliance and mitigating potential liability risk.
Oberly is an attorney in the Cincinnati office of Blank Rome LLP and is a member of the firm’s Privacy, Security & Data Protection, Biometric Privacy, and Privacy Class Action Litigation groups. David’s practice encompasses both counseling and advising clients on a wide range of privacy, data protection, and biometric privacy matters, as well as defending clients in high-stakes, high exposure biometric privacy, consumer privacy, and data breach class action litigation. He can be reached at david.oberly@ blankrome.com.
    Financial and estate planning can be challenging...
The Disability Foundation offers an alternative to disinheritance through three pooled trusts available only to disabled residents of Ohio. These trusts allow individuals with disabilities to buy the things they want and need, without worrying that their purchases might cause them to lose their government benefits. We offer both first and third-party trusts.
Learn how we can assist your firm in setting up a Special Needs Trust.
Disability-Foundation.org
Enriching Today • Securing Tomorrow
937-225-9939
         THE REPORT | January/February 2022 | CincyBar.org 11