Skip to main content


Woman in office wearing smartwatch

Should Your Boss Be Monitoring Your Blood Pressure?

Professor warns about potential misuse of employee health data

Molly Mastantuono

Law Professor Liz Brown
             Liz Brown

Workplace wellness programs are a booming business. Introduced in 1979 to encourage employees to adopt healthier habits — thus boosting productivity and lowering health-care costs — they now constitute an $8 billion industry. Studies indicate that 84% of large firms provide wellness programs, which increasingly and prominently feature fitness bands, smartwatches and other biometric trackers. 

Yet, while wearable technology can help individuals achieve personal health goals, do devices like these belong in the office? Associate Professor of Law Liz Brown says no, and warns that giving employers access to highly sensitive and deeply personal information could adversely affect employees. In her latest research, forthcoming in Stanford Technology Law Review, Brown explores the legal and ethical ramifications of biometric monitoring in the workplace. As she sees it, employees have considerable cause for concern: “Most people don’t understand the kinds of intimate data being collected about them — or how that information can be used against them."

Personal tracking devices have a surprisingly long history: The first pedometer was created in 1780. Since then, technological advances have rendered increasingly sophisticated devices that measure far more than the number of steps taken. Today’s trackers can record blood pressure and pulse rates, number of calories consumed and burned, amount of weight lost or gained, and duration and quality of sleep. Some also use apps to track a woman’s menstrual cycle and fertility. In short, these devices can collect an abundance of data — information that employers may be able to access when they provide trackers to workers through wellness programs.

While Brown acknowledges biometric devices can be useful — in several instances, they’ve even been credited with saving lives — she deems it dangerous for your boss to know what’s happening inside your body. “The rising cost of health insurance makes having healthier workers an important cost-saving measure,” she cautions. “Employers have a strong incentive for collecting data to identify workers who are more likely to have health problems in the future.” 

Most people don’t understand the kinds of intimate data being collected about them — or how that information can be used against them.
Liz Brown
Law Professor

She cites blood pressure as one example. While chronically high blood pressure can lead to heart attacks, strokes and other debilitating cardiac diseases, intermittent spikes can occur when someone experiences anxiety or stress. If employers have access to such data, they may make assumptions about an individual’s health: “Employers could decide that workers with higher stress levels are likely to be less productive and less desirable,” and consider them first in line to be (or preemptively) fired or demoted.

For women tracking their reproductive cycles, the stakes are even higher. “For most women, periods are a private matter,” Brown notes, “in part because of all the offensive stereotypes that can go along with them. Employers who consciously or unconsciously believe that women who are menstruating are distracted or incompetent, or that women who are trying to conceive are poor candidates for investment or promotion, or that mothers are less committed to their work than fathers, could use this data to bolster those prejudices.”

What’s more, employees discriminated against on the basis of biometrics have no legal recourse. Most people assume they’re protected by the strict privacy laws established in the 1996 Health Insurance Portability and Accountability Act (HIPAA), Brown explains. However, “HIPAA was written before the rise of this kind of extensive data collection”; wearable technology manufacturers not only aren’t covered entities, they’re also legally able to share health information they collect with third parties.

So how can we ensure bosses aren’t basing business decisions on biometrics? First and foremost, Brown says, we need to close HIPAA’s data privacy loopholes and enact legislation to regulate monitoring devices. But she also offers a more radical alternative: Remove health insurance from the workplace entirely. “If employers no longer had to shoulder so much of the cost of health insurance,” she reasons, “they’d likely lose the incentive to track the health of their employees.” Which would ultimately lead to healthier relationships between workers and bosses, Brown notes: “We should be evaluated on our performance, not our biology.”

Google's Access to Health Data Should Worry Workers