(WOMENSENEWS)—Fitbit and the Dana-Farber Cancer Institute recently announced a partnership to study the link between physical activity, weight and breast cancer recurrence. This data on heart rate, steps and sleep habits may explain why certain survivors are at greater risk for recurrence.

But imagine if that health information, along with data on insurance and pharmacy claims, could be processed through an algorithm that would predict future health events? Imagine if that information were provided to your employer, who could then use it to make decisions about promotions and raises, to learn who is lying about being a non-smoker on their insurance forms or even to decide whom to fire based on knowledge of who was likely to get cancer or even have a baby?

Imagine no longer. Health benefits manager Castlight’s newest product offering uses data to predict which employees are likely to be pregnant (often before the person knows), raising serious questions of whether personal privacy trumps the organization’s “need to know.”

Health data analytic companies promise to use technology to help individuals and employers make better decisions for their health and their bottom line. But what is the cost to the employee? We do not need to arm organizations with additional reasons to delay or deny promotions to women in their fertile years, or to fuel stereotypes associated with a history of cancer or pregnancy in the workplace.

Data Theft

Employees opt in to the services provided by companies like Castlight, Rise Health and BenefitFocus. The benefits include the ability to look up in-network doctors, find health and wellness tips and track health care expenses. But to get this personalized information, the employees must first provide consent to share their health data with these firms. What the employee may not know is that consent also allows these firms to share their health data with their employer.

This health information is a frequent target of hackers, from the compromise of Excellus Blue Cross Blue Shield’s database of 10 million individuals to the electronic health records of Hollywood Presbyterian Medical Center, which paid hackers a $17,000 ransom to get its own data back. PBS recently questioned whether health care hacking has become an epidemic, and recent articles in the Wall Street Journal and Fortune highlight the ethical conundrum facing companies seeking information about employee health.

If the risk of data theft seems farfetched, consider that in 2016 alone, over 3.5 million medical records have already been compromised, according to the U.S. Department of Health and Human Services.

As professors of management and bioethics who have been studying these issues for a combined 25 years, we are concerned with the implications these services have for personal privacy and organizational culture. The shared data is allegedly limited to groups of observations where information about individual identity has been removed. Yet research has shown that publicly available databases make it easy to re-identify health information.

This raises the question of whether companies may indeed be able to pinpoint specific employees with particular problems, despite assurances that employee privacy will be protected.

Lack of Oversight

As private companies, health analytics firms receive no federal funding and therefore are not bound by the federal Common Rule for research ethics. This law regulates human subjects research, ensuring the fair and ethical treatment of individual participants. There is also no oversight of the collection or use of this health data, meaning that these firms and even employers could sell their packaged data to other companies.

Health analytics firms would argue that this data serves a broader purpose and can be used to incentivize employees to make healthy lifestyle choices, drive down costs and increase efficiencies. If the data showed that a large percentage of employees may be seeking treatment for substance abuse, shouldn’t this be seen as an opportunity to provide support, or to look inward at the organization as to why such a large number of employees are seeking treatment? Is it because the work environment has turned toxic or because employees are stressed due to poor economic times?

When we already lack confidence in businesses and the security of our online data, such programs can only further erode trust between employers and employees. Women already face issues associated with parity in leadership positions. Although federal laws governing Equal Employment Opportunity and the Americans with Disabilities Act offer protections for employees who have health conditions, these analytics can predict who is likely to have certain conditions in the near future. There is no law against firing someone who is not yet pregnant or who does not yet have cancer. This knowledge could allow companies to subvert the law and discriminate against vulnerable employees even before the employee herself knows about the condition.

Although companies may pressure their employees to opt in to such services, privacy is more important than the small benefits provided. Sometimes the benefits do not outweigh the risks, and these services usually come with unexpected costs.