Employee Privacy in a Pandemic

By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow

COVID-19 has presented businesses with a new challenge in keeping their company safe, and it starts with employee health. As they re-open in the wake of the pandemic, they must keep track of who is sick and how it might affect the company as a whole. This means that a lot of personal and private health information is being accumulated and stored within a business’s records. Management must be aware of two issues here: what type of information is collected, and how it is safely stored and protected.

Gathering data for the sake of having data is a mistake that many people make. Effort goes into the research without a clear idea of how or why you need the information that you’ve put time into gathering. Make sure it is worth it. Additionally, when this is done at the business level, it can erode the trust employees have in their employer, and it can also be a liability if your team feels like Big Brother is at the helm in more ways than one.

Change is Inevitable
When the World Health Organization declared the COVID-19 outbreak a pandemic on March 11th, 2020, there was little doubt that changes affecting our everyday life would be put in place immediately. How long those changes will stay in place remains unknown, but we have seen a shift in the workplace that has put many workers in a permanent “work from home” status. Because many companies made this shift in a fast-moving and sometimes haphazard way, there was a huge risk of mistakes being made, issues being overlooked, and policies not being in place to match what would have been standard procedure in an office.

One of the main areas where we know this to be true is cybersecurity and, along with it, employee privacy. While the two are not inseparable, they are tightly linked. An employee’s private life, especially their online life, is something that can quickly infiltrate the business systems if it is compromised. This can be best monitored in an office setting, but not so much in a home office.

Do not be tempted to collect unnecessary data from your employees, and outline how you will use the data and why you need it before asking for it. Also ensure that you have a plan in place in case there is a breach and that information is compromised, since you are liable for that leak. Look ahead to that happening, and ask yourself, “If it does happen, what will the outcome be for our business?” This will help you to collect only what is necessary and react in the most efficient and well-planned manner.

Yes, COVID-19 has allowed us to be more stringent in some ways, with masks and social distancing, and more relaxed in others, such as in our home office, but don’t let that false sense of security leave you exposed to a greater risk of a breach. The fallout won’t end there if it is more than your business data that is stolen.

This article was originally published on HIPAA Secure Now! and is republished here with permission.
