Wellness programs are not a new thing for companies. It’s been long understood that a healthier workforce leads to a more productive environment with fewer sick days for employees. In fact, companies lose around $164 billion in productivity, annually, to obesity related issues.
Wellness programs go beyond weight management and physical health care. Recent trends in corporate programs include emotional wellness components, which help to drive employee engagement. These programs include mindfulness practices like yoga and meditation.
In the last few years, these programs have expanded to include the use of wearable trackers and gamification elements to motivate employees and keep them moving towards the goals of better health.
Health insurance providers are in full support of using devices and tracking to help create a healthier workforce. In fact, insurers are reducing corporate rates for companies where health trackers are used.
Technology is a significant enabler to the successful use of corporate wellness programs. But these programs can create concerns, both for employees and for IT departments.
The Technology of Wellness Programs
Companies have a few options when it comes to incorporating wellness programs into their operations, from insurer sponsored programs to independent companies that integrate with your organization’s goals.
For these programs to be effective and for some of the more motivating features to be used, there needs to be some level of reporting and tracking. These features need to be convenient, accessible and always available to encourage use.
Technology is the unifying element of these programs, no matter where the wellness program is sourced from. Between websites and mobile applications, these providers make it easy for employees to record their activities and participate in online education programs no matter where they are or when they have time.
Making it even easier is the use of wearable devices. Step trackers and heart rate monitors allow stats to be added to an employee’s profile without requiring the user to think about it. They also provide an unbiased third party report of activity.
All of this combined leads to generally accurate reporting and opens the door for gamification and intrinsic rewards to be used to keep employees on track.
Between wearables, websites and mobile applications, employees have tools available that can help them focus in and achieve their health goals. But the very devices that are enabling the workforce to get healthy can be dangers to the enterprise that is supporting their use.
IT Strains and Risks
The challenges that these applications bring are nothing new to IT. The difference here is that these activities are now endorsed, and even encouraged, by the organization. As such, IT must make accommodations for these risks. The good news is, the problems are ones that IT is already addressing.
One of the concerns is the program websites. While allowing access to outside sites is commonplace for most industries, the sites associated with wellness programs require logins and contain personal information. Training personnel to use unique passwords on outside systems is important in these situations, as is reminding them of the importance of secure passwords.
Because these sites are outside of a company’s sphere of influence, it’s difficult to tell when a security threat, like a virus, is introduced that can affect your corporate network. There is also a greater opportunity for phishing schemes and other social engineering attempts as there is a trusted outside company that could legitimately be looking for information from an employee.
Mobile applications and devices also increase the threat surface. As with any organization that allows BYOD – Bring Your Own Device – concerns around corporate information security and data leakage need to be taken into consideration. Enterprise mobility management and application management solutions can help with these risks, but no single solution is perfect. These solutions don’t address issues like compromised or rooted phones or access to corporate assets if a device is lost or stolen.
As with third party websites, mobile apps can create an access threat through compromised code as well. But given that mobile apps are particularly effective when it comes to wellness programs – digital health apps are identified by consumers as the second most important element in helping support their goals – a wellness program that doesn’t include access to apps may be getting in its own way. Adding threat testing of these outside applications can help to alleviate the worst of the concerns for enterprise IT departments.
And then there’s wearables. Wearables increase the number of access points. So, if you’re allowing the use of these items on your corporate network, you’re inherently increasing the number of places from which a hacker can gain entry into your system. Ensuring that all devices, including mobile and wearables, must adhere to your security policies is important to keep your network safe. Also, consider your network’s topology. Is it possible to allow access through a specific entry point, but still restrict the data available when entering through that point?
In addition to the concerns that your enterprise information security team may have, your employees may also be worried. Because their apps and devices are collecting information about their health habits, some team members may be concerned about who can access that data, and how it will be used. Educating and informing your workforce as to who has access to their information can help to reduce the anxiety employees feel about using tracking devices and employer-sponsored wellness programs.
Wellness programs are proven ways to encourage healthy lifestyles with your workforce. More importantly, your employees are more engaged and more productive when they are healthy. Today, technology plays a huge role in helping employees participate in these programs. And while the challenges to IT can be considerable, they can be managed with good IT security practices that most enterprises already have in place, combined with common sense security training.