In the US, it's illegal to ask employees to share their personal health information when it's unrelated to the job, with one important exception: employee wellness programs.

Some companies are now taking advantage of this loophole in a major way, and it may clue them in to more of your personal life than you thought possible.

According to the Americans with Disabilities Act, employers can conduct voluntary medical examinations and ask for medical histories as part of an employee health program.

A recent report from the Kaiser Family Foundation finds half of the country's large employers offering health benefits have been doing this, offering wellness programs that ask workers to submit to medical tests and fill out health risk assessments.

As a recent report from The Wall Street Journal details, these programs are increasing in popularity as companies like Walmart seek ways to minimize their healthcare spending.

They're even taking the data mining up a notch. The Journal reports employee wellness firms like Castlight Healthcare and insurers are mining various employee data like past pharmaceutical and medical insurance claims, shopping and voting habits, credit scores, and search history within the health apps.

All this data, the firms say, helps them predict each employee's individual health risks and recommend treatments.

"I bet I could better predict your risk of a heart attack by where you shop and where you eat than by your genome," Harry Greenspun, director of Deloitte LLP’s Center for Health Solutions, a research arm of the consulting firm’s health-care practice, tells The Journal.

Castlight can even predict which employees might soon get pregnant, the publication reports. To do this, the firm scans the insurance claims of women who've made fertility-related searches in its health app to find women who have also stopped filling birth-control prescriptions. It then matches this data with the woman's age and ages of any children she might have to compute the likelihood of her getting pregnant soon.

"She would then start receiving emails or in-app messages with tips for choosing an obstetrician or other prenatal care. If the algorithm guessed wrong, she could opt out of receiving similar messages," The Journal reports.

To avoid appearing too intrusive, Jonathan Rende, Castlight's chief research and development officer, tells The Journal the company test-markets its messages. "Every word matters," he says.

While employers are said not to have access to specific employees' health data, some privacy experts worry about the potential for invasions of employee privacy, even accidental ones, and that the exposed information could be used to make workplace decisions.

"There are enormous potential risks in these efforts, such as the exposure of personal health data to employers or others," Frank Pasquale, a law professor at the University of Maryland, tells The Journal.

"As more employers grasp wellness as the latest promised solution to soaring health costs, they're pressuring workers to give unfamiliar companies detailed data about the most sensitive parts of their lives," Kaiser Health News reports. "But whether or not that information stays private is anything but clear."

Robert Gellman, a privacy consultant and former congressional staffer, tells Kaiser Health News that, while people assume all their health information obtained by wellness programs is private, not all of it is. "A lot of information can escape into the great American marketing machine, which is desperate to get information on a person's health."



When the city of Houston asked employees to provide an online wellness company with their personal health information, city employees were concerned about the fine print, which said the company could pass the data on to third-party vendors acting on its behalf and might make the data reviewable to the public.

What's more, experts also worry about the possibly coercive nature of so-called voluntary wellness programs.

While the Houston employees could refuse to give permission or opt not to take the wellness company's health risk assessment, they would have to pay an extra $300 a year for medical coverage. Other companies tie financial rewards, sometimes worth thousands of dollars, to employees self-reporting health gains like losing weight or lowering blood-sugar levels, an incentive not offered to those who opt out, as Kaiser Health News reports.



As the Equal Employment Opportunity Commission (EEOC) outlines, "A wellness program is voluntary as long as an employer neither requires participation nor penalizes employees who do not participate."



When "employers can charge you a couple thousand dollars more for refusing to give private medical information, that doesn’t sound very voluntary to me," Samuel Bagenstos, a University of Michigan Law School professor, wrote to the EEOC.