Have you seen SPECTRE, the latest James Bond film? It includes a scene in which South Africa decides to oppose the other nations in the world’s G-9 (i.e. group of nine largest countries) by refusing to share private data about their citizens in an initiative to fight terrorism. But then the evil organization SPECTRE attacks Cape Town, and the South Africans drop their opposition to data sharing.
As if to emphasize this inclination towards sharing private personal data, last week, the Vitality Group of the South African firm Discovery Limited released Reporting on Health: A Roadmap for Investors, Companies, and Reporting Platforms. More than a dozen global organizations, including IBM, Johnson & Johnson, Merck, PepsiCo, Unilever and the Robert Wood Johnson Foundation voiced their support of this report’s recommendations at the World Economic Forum in Davos, Switzerland.
And what did the Vitality report say? It recommended that corporations publicly report on the workforce health metrics of their human capital. In other words, in addition to issuing financial statements and (in certain industries) environmental impact statistics, the Vitality Group and its supporting organizations called for companies to tell the world about the health of their employees.
For instance, according to the Comprehensive Health Metrics Scorecard in Appendix C of the Vitality report, companies should perform health risk assessments and biometric screenings of their employees. To facilitate such activities, companies should incentivize employees to disclose their physical activities, eating habits, alcohol consumption habits, mental health status, sleep patterns, and other wellness information.
Then, according to Vitality, these companies should summarize this information and share it with the general public. The report doesn’t appear to address privacy regulations like the HIPAA federal legislation in the United States, although it does briefly acknowledge privacy concerns by noting that:
For companies that are collecting and analyzing health data, we encourage the highest respect of privacy by using aggregate-level data and by reporting changes over time to ensure that the reporting itself does not unintentionally translate into an incentive for companies to hire healthier employees.
Are you satisfied with this acknowledgment, or does it leave you feeling a bit queasy? Indeed, some of us might squirm at the prospect of our employers collecting such detailed personal information, even if they only publicly disclose the data on an aggregate basis over time.
In the United States, of course, this data can be found in the clinical records of medical providers. Health insurers and managed care organizations also collect such information through the HEDIS metrics of the NCQA.
But it may be difficult to find American employees who are willing to share such information with their employers. Although data privacy doesn’t appear to be a major priority in James Bond’s fantasy world, it is indeed a significant consideration in our own real world.