In a rapidly changing workforce, employers are increasingly investing in the health of their employees. One step that companies have taken to foster this is by partnering with employee well-being providers. Employee well-being providers give participants access to a multiplicity of different services that are designed to improve well-being. Generally, these services or resources are provided through employee assistance programs (EAPs).
 

While the exact services available to participants vary depending on the provider (and the service agreement), having access to these resources—often around the clock—can be immeasurably valuable to employees who are struggling, looking to improve, or are simply just a bit stressed. In the global context, the services may vary from country to country and are subject to local laws, but below are some considerations related to the integration of AI into EAP services.

The Introduction of AI Into EAPs

Generally, employee well-being providers function by utilizing a broad range of staff to provide different services if and when they are requested by one of the participants. This model has proved wonderfully successful in allowing high-quality, on-demand services that can quickly provide a participant with the service she needs or desires.
 
However, employee well-being providers are necessarily limited by the finite number of counselors, medical professionals, or general staff they have available. This has led to employee well-being providers beginning to incorporate AI into EAPs in areas where it can seamlessly replace a human.

The introduction of AI has been immensely beneficial in making the administration of EAPs more efficient, consequentially increasing the availability of important staff such as counselors, meditation specialists, or health professionals for participants.

However, the integration of AI into EAPs has not come without its difficulties. This article will cover some of the common challenges faced by employee well-being providers integrating AI into EAPs.

Algorithmic Bias

Despite being comprehensively positive, the integration of AI into EAPs presents many ethical and legal concerns. One concern raised is that of algorithmic bias. Algorithmic bias occurs when an AI algorithm has not been exposed to enough data regarding a certain demographic, and as a result, it presents skewed or biased data.

This can result in discrimination against participants of EAPs from minority backgrounds who are not adequately represented by the data that the AI algorithm has received. By utilizing AI, unfortunately, the human element is lost, and empathy is removed from the process. Correspondingly, monitoring responses for bias and being cognizant of the potential for discrimination is of immeasurable importance to employee well-being providers utilizing AI.

Data Ownership and Big Tech

Various industries rely on large tech companies like Google, IBM, and Apple for access to AI algorithms. This reliance on large tech companies for AI technology has led to increased concerns about data ownership within EAPs and healthcare generally.

Namely, the potential concern with utilizing a third-party AI program without the necessary contractual agreements is that participant data from EAPs used in conjunction with AI could end up in the hands of large tech companies who ultimately own the AI software and the data it receives.

Therefore, it is fervently recommended that employee well-being providers either develop their own proprietary AI software or institute Non-Disclosure Agreements (NDAs) and/or End-User-License Agreements (EULAs) that set parameters regarding the use and ownership of data that the AI receives from the EAPs.

Informed Consent

The administration of EAPs requires that participants provide informed consent (in the form required by applicable law) to treatment. This requires that participants are appropriately informed of alternate treatment and all risks of the proposed treatment before their consent is valid. Correspondingly, participants need to be made aware that their personal data from EAPs is being used in conjunction with AI and agree to such use.

Additionally, any and all risks that the utilization of AI may have regarding the use of participant data or the potential for its ultimate ownership by larger (oftentimes tech) companies must be disclosed and agreed to by the participant. Without such measures, the administration of EAPs could be determined to be lacking informed consent.

Confidentiality

Another challenge that AI poses is maintaining the confidentiality of participants’ health information. Principally, the Health Insurance Portability and Accountability Act (HIPAA) provides the requirements pertaining to the disclosure of health information or data. In Europe, the General Data Protection Regulation (GDPR) similarly governs data privacy.

Pertinently, much of the data collected during EAPs is bound by HIPAA’s rules on the disclosure of protected health information (PHI). HIPAA defines protected health information as all “individually identifiable health information" (Finney, 2023).

Unsurprisingly, the disclosure of clients’ PHI would unequivocally be a violation of the HIPAA privacy rule that would result in significant legal consequences for an employee well-being provider. Yet, HIPAA does not have a rule governing the disclosure of de-identified health information. Intuitively, this information is not protected because “de-identified health information neither identifies nor provides a reasonable basis to identify an individual” (Office, 2022).

One would believe that avoiding HIPAA violations when utilizing AI would be relatively simple. Theoretically, when utilizing AI products or applications by “scrubbing off” identifiers of clients or patients, the resulting information that is being shared with the AI does not constitute protected health information (PHI) and, as a result, would not be governed by HIPPA. In practice, it is not so simple.

There exists a wide variety of re-identification techniques and programs that “effectively nullify any efforts to scrub data of identifying information” (Murdoch, 2021).

Correspondingly, it may be the case that health information that is scrubbed of identifiers when used in conjunction with AI is protected by HIPAA (or the GDPR) by virtue of there being a reasonable basis to believe that the information could be used to identify the individual.

To prevent HIPAA violations, employee well-being providers should make their best efforts to protect participant confidentiality, especially if not using proprietary AI software. This issue could largely be avoided if proprietary AI was used, but even then, cross-department transfers within a company could nonetheless violate HIPAA.

Trade Secrets

Finally, employee well-being providers must be wary of the utilization of AI applications within EAPs because of the potential to disclose proprietary information or trade secrets of their companies, such as unique therapeutic techniques, intervention strategies, or client assessment tools.

Generally, the Uniform Trade Secrets Act (UTSA) protects the appropriation of a company’s “trade secrets” that are “the subject of efforts that are reasonable under the circumstances to maintain its secrecy” (Leiden 2024).

However, concerns are raised regarding trade secret information input into generative AI applications because it “in many cases, cannot be deleted by the user and may be used by the application” in subsequent responses to other companies (Leiden 2024).

Therefore, Trade Secrets entered into generative AI programs that make no promise of confidentiality (such as ChatGPT) may not receive UTSA protection since inputting trade secrets into AI that make no guarantees about confidentiality would likely not constitute reasonable efforts to maintain the secrecy of that information.

Correspondingly, a company could be left with no legal recourse under the UTSA if one of its competitors received its trade secrets through a generative AI application.

Summary

Admittedly, there are many challenges to implementing AI within EAPs, but by being cognizant of the potential for discrimination, exercising caution regarding disclosure of trade secrets on non-proprietary AI platforms, and forming the necessary contractual agreements with AI vendors and participants, employee well-being providers can be confident that they are utilizing AI in an ethically and legally appropriate manner.

References

1. Finney, J. (2023, December 27). HIPAA Authorization Requirements & Consent for Disclosing PHI. Linford & Company LLP.
2. Leiden, D., & Winters, H. (2024, June 26). Harnessing generative AI: Best practices for trade secret protection. Harnessing Generative AI: Best Practices for Trade Secret Protection.
3. Office for Civil Rights. (2022, October 19). Summary of the HIPAA privacy rule. HHS.gov.

Author’s Bios

	Andrea Carska-Sheppard is the Chief Legal Officer at Workplace Options.
	James Whitaker is a JD/MBA Candidate (2026) at Campbell Law and a legal assistant at Workplace Options. He specializes in employment and international corporate law.

 
Error: No such template "/CustomCode/topleader/category"!