Home

Quick Links

Legal

navigation

Tuesday, March 24, 2020

Protecting Employee Privacy During a Pandemic


As the world rallies to curb the spread of COVID-19, employers and employees are no doubt wondering how best to navigate the complex questions raised by a public health emergency. For healthcare officials and providers charged with stemming the spread of the coronavirus, knowing who came in contact with an infected person is critical for effective containment efforts that include monitoring, medical follow-ups, self-quarantine and limiting visitors, among others. Employers have taken extraordinary steps to limit employees’ travel, personal contacts, interviews and office visitors.

Looking at the many regulations that address employee privacy and rights (HIPAA, ADA, GINA, among others), employers are being forced to strike a balance between protecting employee privacy and ensuring the safety and welfare of the workforce. While U.S. employers cannot adopt the very invasive methods that have prevailed in other jurisdictions, there is some leeway when dealing with an infection that is fast becoming an unbelievable public health emergency.

Here are some suggestions for how employers can help ensure the safety and well-being of their employees without coming across as invasive, collecting unnecessary information, or instituting new surveillance measures.

Less Invasive Monitoring

Employers should clearly not disclose personal health information about an individual employee to other employees or third parties, except under limited circumstances under the law to assist with treatment from healthcare providers or public health authorities. If someone tests positive for the virus, they are likely to be required by the public health authorities to disclose this information to their employer. Other than that, there are laws preventing employers from actively requiring an employee to disclose their medical information, with specific reasons.

If an employee is concerned about the symptoms exhibited by a fellow employee, the most that can be done is to bring up the issue with the employer and for the latter to take some follow-up action — very discreetly, to ensure the welfare of the employee and workforce. This should not be public information.

Maintain Open Lines of Communication With Employees

Employers should establish a line of communication with employees so that they feel comfortable disclosing high-risk travel or potential contact with an infected or a suspected case. Keep in mind that there is still a lot the medical community and scientists don’t know about the disease.

Organizations should be careful about requiring employees to disclose the details of their travel, especially with the constitutional claim to have a private life. There is no end in sight if you consider that this line of inquiry can lead to questions about employees’ family members and their travels.

There are many government websites (such as those from the San Francisco Dept. of Public Health, the state of California, and the CDC) that provide useful COVID-19 information for the public about any heightened concerns. Think about encouraging your employees to visit these sites and link them to your company’s website.

Remember, the above discussion broadly addresses best practices for employers to maintain employee privacy protections during a public health crisis. Bottom line, the key to avoiding an overreaching policy or approach is to understand the laws that impact your organization and affect how personal data is tracked and shared in response to the COVID-19 outbreak, and, in the upcoming months and years, how public health authorities take stock of the data.

Feel free to reach out to the Armanino Privacy team with your privacy questions. For more information on how to keep your business running during disruption, visit our COVID-19 Resource Center.

COMMENTS

comments powered by Disqus