Vendors that sell wellness programs to large employers are often required by law to comply with HIPAA privacy guidelines through a Business Associate Agreement. This agreement protects employee privacy and ensures their health data will be kept confidential, similar to other online health services. However, wellness programs marketed directly to consumers may not offer the same formal legal protections for privacy.