Don't Require Wearables at Work
Editor's Note
My Beloved is a tech and data enthusiast. He was really into the "quantified self" when the gadgets that could measure biometrics first came out. It started with the clip-on sensors and evolved into rings, watches, and of course, phones. I think it's been useful for him and he's learned a lot about his body, how it works, and how physical differences can change the way he feels. He's in no danger of stopping any time soon.
I am the opposite. The absolute last thing I want is a bunch of sensors giving me data I don't really understand but will obsess about, sure that my demise is imminent. I won't even let the doctor tell me what I weigh. I should probably care more. I basically treat my body like a brain transportation device. But we've made it this far (translation: I've been really lucky).
Not everyone is into "wellness." The term can mean almost anything. (What is kombucha?) Mostly, employers should never require employees to participate in any wellness program. It's their health, bodies, and lives.
The intentions are good. Let's support people in eating well, exercising, and taking care of themselves so they can work harder, better, and more. Whoops. There's a glitch here. If employers are not as concerned with rest, recuperation, and preventing burnout, maybe the intentions are not always pure goodness. I know, we have a business to run here. But rest is an essential part of work. If employers don't understand that, then fitness devices are not going to help.
Sure, encourage walk-and-talk meetings. Offer healthy choices for food. Make the devices part of a benefit that reimburses employees for health-related expenses like gym memberships or yoga and spin classes. But don't ask employees to track their biometric data. Here are the legal reasons why.
- Heather Bussing
Fitbits at Work: Navigating the Legal Risks of Wearables in Corporate Wellness Programs
at Akerman LLP
At a time when personal fitness devices track everything from heart rate to sleep quality, employers are increasingly integrating wearable technology — like Fitbits, Apple Watches, and Oura Rings — into their corporate wellness programs. These programs promise to reduce healthcare costs, boost productivity, and foster a culture of well-being. But with these benefits come significant potential legal pitfalls, particularly in the areas of data privacy, HIPAA, and disability discrimination.
Biometric Data and Privacy Laws
The data collected by wearables often qualifies as biometric information — a category of sensitive personal data that includes heart rate, sleep cycles, skin temperature, and oxygen saturation levels. While there is no comprehensive federal biometric privacy law, a state like Illinois (with the Biometric Information Privacy Act, or BIPA) imposes strict requirements on entities collecting such data.
Employers operating in Illinois must provide written notice, obtain informed consent, and maintain publicly available policies on data retention and destruction. Violations, even if inadvertent, can carry steep statutory damages — up to $5,000 per violation.
Employers should consider whether they, or third-party wellness vendors, are collecting and storing biometric data in a way that triggers state law obligations. Even if an employer doesn’t touch the data directly, liability may attach if the program is employer-sponsored.
HIPAA
A common misconception is that any health-related data is protected by the Health Insurance Portability and Accountability Act (HIPAA). In reality, HIPAA only applies to covered entities (like healthcare providers and insurers) and their business associates.
If a wellness program is not in connection with the employer’s group health plan, HIPAA will likely not apply. But if the program is integrated with an employer-sponsored health plan or if incentives are tied to group health insurance premiums, HIPAA obligations likely kick in.
Employers should also be cautious about accessing individualized data. If an HR department reviews a dashboard showing an employee’s elevated heart rate, that might not just be a HIPAA issue — it could implicate disability discrimination laws as well.
ADA Compliance
The Americans with Disabilities Act (ADA) places strict limits on when and how employers may conduct “medical examinations” or make “disability-related inquiries.” The EEOC has interpreted this to include wellness programs that require employees to divulge health information — even voluntarily — if substantial incentives are attached.
In 2017, the EEOC’s rules on wellness program incentives were vacated, leaving employers with limited guidance on what constitutes a “voluntary” program. A wearable-based initiative that offers large financial incentives or penalizes employees for opting out may not pass muster under the ADA.
Moreover, employers who receive individualized biometric data may face ADA claims if they use that information to make employment decisions, even inadvertently.
Best Practices for Employers
To mitigate risk while still reaping the benefits of wearable-integrated wellness programs, employers should consider the following:
- Vet Vendors Carefully: Ensure third-party wellness vendors have robust privacy and data security practices and indemnify employers for legal risks.
- Obtain Informed Consent: For jurisdictions with biometric privacy laws, provide clear notice and obtain written consent before collecting any data.
- Keep It Voluntary: Ensure participation is truly optional and avoid large incentives or penalties that could make the program coercive.
- Avoid Accessing Individual Data: Aggregate data is less risky than individualized metrics. If individual data is accessed, HR and management should be trained on anti-discrimination obligations.
- Coordinate With Legal and Compliance: Involve counsel early in the design and implementation process to ensure HIPAA, ADA, and state law compliance.
Reaching the Finish Line
Wearable technology can be a powerful tool for promoting employee health, but it’s not a risk-free endeavor. Employers must tread carefully to ensure that their wellness initiatives don’t inadvertently violate biometric privacy laws, HIPAA, or the ADA. As always, good intentions are no defense to a poorly designed program that runs afoul of the law.