Defining Element 4: Ensure Confidentiality and Privacy of Workers

Designing and enforcing appropriate privacy protections goes beyond ensuring that only authorized personnel have access to sensitive safety and health information. Observe all relevant local, state, and national laws regarding privacy of personally identifiable informa­tion and health-related information by taking appropriate steps. For instance, de-identify participant data and use encrypted systems with strong passwords. In accordance with Defining Element 3 (Promote and support worker engagement throughout program design and implementation), ensure that employers and workers work together on developing surveys and planning group meetings focused on improving workforce safety, health, and well-being. Promote open communication about the potential uses of worker data and the protections that are in place for that data.

Recognize the particular risks related to collecting and tracking personally identifiable infor­mation in the context of the workplace—even the type of data collection that may be legally permissible at the time. The possibility of sensitive individual worker data being abused by those in positions of power within the organization could lead to stigma, discrimination, and financial repercussions, such as loss of employment or reduced future career opportunities [Basas 2014]. The Total Worker Health strategy is inclusive of data-driven approaches to un­derstanding and intervening to improve worker well-being, but not data collection that comes at a cost to individual worker well-being. Integrating data systems, for instance, can simplify measurement and monitoring but also merits special consideration about privacy implica­tions.

Note that workplace policies that discriminate against or penalize workers for their in­dividual health conditions or create disincentives for improving health are inconsistent with the TWH approach. Rather, the TWH approach recommends that employers and workers collaborate to design safe and healthy workplaces that support all workers, regard­less of individual or legal differences (e.g., employees vs. contractors, temporary workers, or contingent workers), in both their professional and personal health goals.

Data sources that require confidentiality considerations and/or protections

  • Health risk assessments
  • Electronic health records
  • Management systems
  • Program evaluation data
  • Self-reported survey data

Privacy precautions

  • Rigorous de-identification of records
  • Destruction of personally identifiable information as appropriate
  • Hiring a third party to handle certain aspects of the program to reduce employee fear of retribution or penalty
  • Using group or population-level data rather than individual data