Your Privacy - Your Plan for Health
Ohio State & Your Privacy
Your Plan for Health is a voluntary wellness program available to all benefits-eligible employees and all spouses enrolled in an Ohio State medical plan. The program is administered according to federal rules permitting employer-sponsored wellness programs that seek to improve employee health or prevent disease, including the Americans with Disabilities Act of 1990, the Genetic Information Nondiscrimination Act of 2008, and the Health Insurance Portability and Accountability Act, as applicable, among others. If you choose to participate in the wellness program you will be asked to complete a voluntary Personal Health & Well-Being Assessment or “PHA” that asks a series of questions about your health-related activities and behaviors and whether you have or had certain medical conditions (e.g., cancer, diabetes, or heart disease). You will also be asked to provide annual biometric health values that have been verified by a health care provider, which will include a blood test that will test your total cholesterol, HDL and blood sugar (HgA1c). Neither you nor your spouse are required to complete the PHA, provide biometric health values or participate in the blood test or other medical examinations.
- Employees who are enrolled in an Ohio State medical plan and choose to participate in the wellness program will receive an incentive of up to $300 in annual medical plan premium credits for completing the PHA and providing verified biometric health values. Although you are not required to complete the PHA or provide verified biometric health values, only employees who do so will receive the annual medical plan premium credits.
- Benefits-eligible employees who choose to participate in the wellness program may receive the incentives described below for participating in certain health-related activities, such as healthy habit tracking and physical activity challenges, or achieving certain health outcomes, such as having biometric health values that fall within specified ranges.
- Employees who are enrolled in an Ohio State medical plan: up to $300 in health reimbursement account (HRA) credits and up to $100 in Virgin PulseCash.
- Employees who are eligible for Ohio State medical benefits but are not enrolled: up to $100 in Virgin PulseCash.
Although you may complete the PHA and verified biometric health values as part of the wellness program, you are not required to do so. If you are unable to participate in any of the health-related activities or achieve any of the health outcomes required to earn an incentive, you may be entitled to a reasonable accommodation or an alternative standard. To learn more, contact The OSU Health Plan by emailing email@example.com or calling 614-292-4700 and asking for the Engagement Specialist.
The information from your PHA and the results from your biometric health values will be used to provide you with information to help you understand your current health and potential risks, and may also be used to offer you services through the wellness program, such as health coaching or care coordination for those with chronic disease. You also are encouraged to share your results or concerns with your own health care provider
We are required by law to maintain the privacy and security of your personally identifiable health information. Although the wellness program and The Ohio State University may use aggregate information it collects to design a program based on identified health risks in the workplace, the personally identifiable health information you provide while participating in Your Plan for Health will never be disclosed either publicly or to the employer, except as necessary to respond to a request from you for a reasonable accommodation needed to participate in the wellness program, or as expressly permitted by law. Medical information that personally identifies you that is provided in connection with the wellness program will not be provided to your supervisors or managers and may never be used to make decisions regarding your employment.
Your health information will not be sold, exchanged, transferred, or otherwise disclosed except to the extent permitted by law to carry out specific activities related to the wellness program, and you will not be asked or required to waive the confidentiality of your health information as a condition of participating in the wellness program or receiving an incentive. Anyone who receives your information for purposes of providing you services as part of the wellness program will abide by the same confidentiality requirements. The only individual(s) who may receive your personally identifiable health information are your primary care provider (if your biometric health values are provided or verified through your primary care provider) and applicable individuals at the OSU Health Plan, including a nurse or health coach, in order to provide you with services under the wellness program.
In addition, all medical information obtained through the wellness program will be maintained separate from your personnel records, information stored electronically will be secured, and no information you provide as part of the wellness program will be used in making any employment decision. Appropriate precautions will be taken to avoid any data breach, and in the event a data breach occurs involving information you provide in connection with the wellness program, we will notify you in accordance with applicable law.
You may not be discriminated against in employment because of the medical information you provide as part of participating in the wellness program, nor may you be subjected to retaliation if you choose not to participate.
If you have questions or concerns regarding this notice, or about protections against discrimination and retaliation, please contact The Ohio State University Office of Human Resources, Customer Service at 614-292-1050 or firstname.lastname@example.org.
Virgin Pulse & Your Privacy
- The General Data Protection Regulation (GDPR) is a privacy law enacted by the European Union (EU) Commission Overview that went into effect May 25, 2018. The GDPR applies to any organization, regardless of where data is processed, if the organization is processing personal data of EU residents. As a global organization, Virgin Pulse is bound by GDPR, which regulates how they gather, use and retain personal data. As part of that compliance, Virgin Pulse must obtain explicit consent from members to allow them to process members’ personal data. To comply with GDPR:
- VP must receive consent by offering plain, straightforward language that explains how the member’s data will be used.
- Members will also now have rights regarding the processing of their data, for example relating to data erasure (often referred to as the ‘right to be forgotten’) and data portability.
- Virgin Pulse has chosen to meet their data compliance obligations through the use of three separate consents (described below). Unless an individual consents to all three, they cannot register with Virgin Pulse, and therefore, cannot participate in the programs or services available to Your Plan for Health (YP4H) participants through Virgin Pulse, including completing the Personal Health & Well-being Assessment (PHA).
- Data Consent – An overview of the member data that Virgin Pulse may collect, process and use through the course of administering the program.
- Membership Agreement – Describes how Virgin Pulse administers the program and its benefits, as well as how members may engage with the program, including precautions to protect their account.
- Virgin Pulse collects both anonymous and personal information in order to provide the Virgin Pulse services. Personal information may include: contact information, including your name, home address, personal and business email addresses, and phone number; the email address you use to sign-in; your gender, date of birth and age; information about your health, fitness and related wellness activities offered within the YP4H program, including information about your participation and performance in challenges; the rewards you may be able to earn through the program; the comments and contributions you may make on Virgin Pulse’s web-based platform or mobile application; and any additional information you may provide as you submit queries and requests to Virgin Pulse.
- You are under no obligation to provide any personal information; however, withholding some personal information may result in Virgin Pulse being unable to provide you with certain services.
- The personal information Virgin Pulse collects is only used to provide you with access to services, including:
- To administer and manage your Virgin Pulse account and membership;
- To identify you when you sign-in;
- To track your progress in the YP4H program and the rewards you earn;
- To provide you with information about the YP4H Program features; and
- To respond to your questions and requests.
- Personal Information is also used to create “anonymous data” by removing any identifying information (including any contact information) that would allow the remaining data to be linked back to you. Anonymous data may be used for internal purposes, such as analyzing patterns and program usage to improve services, demographic trends, customer behavior patterns and preferences, and information that can help enrich the content and quality of Virgin Pulse’s program offerings.
- In order to allow you to participate in certain wellness services that are made available as part of Virgin Pulse’s program through third parties, Virgin Pulse may use or share personal information.
- Any information disclosed will be limited to the minimum amount necessary to ensure the provision and quality of the services offered and will only be provided only for the following purposes:
- To coordinate enrollment in those services;
- To enhance your program experience;
- To provide you with information about the services available;
- To ensure that you receive appropriate rewards for participation in YP4H;
- To evaluate the overall quality and effectiveness of the programs; and
- To assess your eligibility for other programs offered.
- Virgin Pulse may also be required to disclose your personal information if:
- Legally required to do so by the USA government, tribunals, law enforcement and regulatory agencies;
- As otherwise required under any applicable law, regulation, or rule; and
- If disclosure is necessary to protect or defend the rights of Virgin Pulse or others, to assist in an investigation, or to prevent illegal activity.
- Virgin Pulse will never use, disclose, or share personal information for marketing purposes and may not sell or rent personal information.