Employers should do more to reassure staff that data gathered from services like employee assistance programs (EAPs) are shared in an aggregated rather than on an individual level.
The warning follows research from Legal & General this week which shows employees are resisting accessing group protection due to privacy concerns.
Commenting on the findings, Jo Elphick, marketing director – group protection at Legal & General, told Health & Protection that the research underlines the importance of reassuring employees that data from services like EAPs is only shared with employers in an aggregated way, not at an individual level.
“This data can be used to help employers spot trends in workplace issues and needs so they can put in place appropriate wellbeing interventions. Employees can simply self-refer to certain services, such as an EAP; nobody needs to know.”
Meanwhile Peter Wright, managing director at digital law specialist Digital Law UK, explains employee personal information is protected under general data protection regulation (GDPR) rules which governs how people’s personal data is managed, gathered and used.
“If a benefit is provided by a provider and the employee uses it by contacting the provider directly, the provider is receiving the information and processing it, acting as a data processor for the purpose of providing the benefits. The data can only be used by the processor for the purpose for which it is intended, ie, the provision of health benefits. If it were shared it would be in breach of GDPR. The employer might need information regarding contributions to payments for benefits / benefit in kind for payroll and tax purposes, so the type of benefit and its cost would have to be shared with the employer, but sensitive personal data such as reason for treatment, type of treatment etc should not be shared and the employee should have a reasonable expectation that such information will not be shared.
“That is not to say that some platforms might not share such data with employers. The line can be blurred if the benefit is administered by a HR department and employees have to make claims etc through a HR department administrator. Sensitive personal data relating to claims might be inadvertently shared with HR and monitored.
“In short a GDPR compliant system should allow for the employee and the benefit provider to communicate securely without recourse to the employer, with no data shared. However in practice this may still take place.”
Although Elphick was keen to point out the privacy concerns highlighted in the research, do not relate to employee concerns around GDPR compliance.
“It’s more that they’re worried their employer might get to know that they’ve used something like a counselling helpline; that their employer might end up knowing more about their health and happiness than they would like.”
For Brett Hill, distribution director at Towergate Health & Protection, this research demonstrates the critical importance of employee communication and engagement to the successful delivery of a benefits programme.
“Employees won’t use, and won’t value, benefits they don’t understand.
“The EAP services provided by Group Risk products are completely confidential, employees can use them with absolute confidence and it’s vital they understand this. EAP providers have reported a surge in calls for help
as people adjust to the impact of the pandemic and extended lock-downs, employees who don’t have trust in these services are denying themselves access to an invaluable support mechanism.
“Group Risk providers have made huge efforts in recent years to enhance the value of their products, by increasing the everyday support they can provide for employee health & wellbeing. Those efforts, and the employers benefit spend, are wasted if intermediaries don’t support employers in helping employees to understand, and access, the full range of support services available.”