COVID-19: Balancing Privacy Laws and Privacy Rights with Public Welfare

By The Securities Compliance Team on March 16th, 2020

Posted in Securities Compliance & Arbitration

The presence of the Novel Coronavirus (“2019-nCoV” or more commonly known as “COVID-19”) is unprecedented in modern day times, as most of us have never experienced a global health threat. There are many unknowns with COVID-19 including, to what extent businesses are permitted to collect and share personal information and data in order to protect and preserve the public welfare. Currently, there are no overarching federal data privacy laws or protections to guide businesses on how to handle personal information and data during a pandemic. Specifically, how will your business balance collecting and sharing protected health information, employment data and location data in order to help control the rapid spread and ultimate containment of COVID-19.

Personal Health Data

An employee’s health information is private and is protected under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. However, this past February, the U.S. Department of Health and Human Services published a bulletin which provides details on when disclosure of a person’s private health information is allowed. Among the reasons, “to prevent a serious and imminent threat” to public health. Only HIPAA covered entities and their business associates are permitted to share, with limitations and consistent with applicable law, certain patient information under the HIPAA Privacy Rule during an outbreak of infectious disease or other emergency situation. Under most circumstances, the covered entity must make reasonable effort to limit the disclosures to the “minimum necessary” to accomplish the purpose. Employers are not covered entities and are not subject to HIPAA restrictions. Regardless, private health disclosures should be shared only with authorized personnel and care should be taken to protect the employee’s private health data from an inadvertent disclosure that could result in privacy violations.

Employment Data

In 2009, the U.S. Equal Employment Opportunity Commission (“EEOC”) provided guidance regarding pandemic planning for the flu. However, it has directed employers to the Center for Disease Control’s (“CDC”) website for guidance with preventing stigma and discrimination in order to determine the risk of COVID-19.

Contact Tracing

The need for “contact tracing” will grow stronger as a means to quickly address a public health issue as the number of COVID-19 cases continue to grow within the U.S. Contact tracing is the process of tracing a person’s physical location and past movements in order to build a comprehensive chronicle of a person’s whereabouts and determine with whom the person may have had contact. Companies should consider the need for requesting certain information from employees and with whom the information is shared.

Pandemic Fears = Opportunistic Cybercriminals

The time is ripe for data privacy risks and cyber intrusions. As companies prepare for alternate work arrangements, they must keep in mind their heightened obligation to protect clients’ and employees’ personal information. For example, in China, there were reports of cybercriminals disseminating Remote Access Trojans disguised as files or documents that seem to provide new notifications or updates related to COVID-19. Companies should remind their employees to verify the source of emails and text messages before clicking on links or opening attachments that could lead to data loss. Additionally, companies should review their cybersecurity and business continuity plans and practices, test remote access and continuity of business operations, information security safeguards and provide employees with constant reminders of their obligation to safeguard the company’s networks and client personal data and information.

The U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (CISA) has issued an alert related to potential cybersecurity scams stemming from the coronavirus (COVID-19) pandemic.

Multiple locations to better serve your needs—

Hamilton, NJ

100 American Metro Boulevard
Hamilton, NJ 08619
Phone: 609.896.9060
Secondary phone: 800.535.3425
Fax: 609.896.0629
county best pa pennsylvania reviews south jersey berks northhampton montgomery bucks lehigh valley gloucester burlington mercer

Marlton, NJ

40 Lake Center, 401 NJ-73, Suite 130
Marlton, NJ 08053
Phone: 856.874.4443
Secondary phone: 888.241.7424
Fax: 856.874.0133
county best pa pennsylvania reviews south jersey berks northhampton montgomery bucks lehigh valley gloucester burlington mercer

Yardley, PA

777 Township Line Road, Suite 120
Yardley, PA 19067
Phone: 267.907.9600
Fax: 267.907.9659
county best pa pennsylvania reviews south jersey berks northhampton montgomery bucks lehigh valley gloucester burlington mercer

New York, NY

5 Pennsylvania Plaza 23rd Floor
New York, NY 10001
Phone: 800.535.3425
county best pa pennsylvania reviews south jersey berks northhampton montgomery bucks lehigh valley gloucester burlington mercer

Philadelphia, PA

The Bellevue 200 S Broad St #600
Philadelphia, PA 19102
Phone: 267.907.9600
Secondary phone: 800.535.3425
Fax: 215.564.6245
county best pa pennsylvania reviews south jersey berks northhampton montgomery bucks lehigh valley gloucester burlington mercer

Bridgeton, NJ

78 W Broad St
Bridgeton, NJ 08302
Phone: 856.874.4443
county best pa pennsylvania reviews south jersey berks northhampton montgomery bucks lehigh valley gloucester burlington mercer