Are the latest New Jersey Covid-19 Protocols jeopardizing your HIPPA compliance?

Are the latest New Jersey Covid-19 Protocols jeopardizing your HIPPA compliance?

Last month’s executive order from Governor Murphy’s office mandated New Jersey organizations “protect employees, customers, and others who come into contact with operations”.

The order included guidelines for things like masking, high-touch surface cleaning and daily employee self-assessment checklists.

While the law is mostly straight forward, as cybersecurity experts and technologists concerned with privacy protections, we felt it important to address the “assessment checklist” requirement, especially as it impacts our partners in healthcare, law and insurance who are required to follow HIPPA guidelines.

According to Executive Order 192 “Prior to each shift, [employers shall] conduct daily health checks, such as temperature screenings, visual symptom checking, self-assessment checklists, and/or health questionnaires, consistent with CDC guidance”

For organizations bound by HIPPA, collecting and storing this data is tricky and should be approached thoughtfully. While the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) is exercising enforcement discretion during the COVID-19 health emergency, HIPAA rules remain in effect and any entity found to be noncompliant could face penalties. (https://www.hhs.gov/hipaa)

What can your company do?

As a technology services provider, we’ve been deploying technical staff onsite since the start of the pandemic and have been requiring employee self-assessments for several months.

As we’re also bound by HIPPA, we worked with a partner to rollout an app where sensitive data is encrypted in order to provide privacy protection for our employees, and protect the company. Employees receive a text message each morning prompting them to complete the checklist. As an added measure of protection, the app will also seamlessly connect a doctor with any employee reporting COVID symptoms.

Is this overkill?

Possibly, but according to business consultants, Booz Allen Hamilton, contact tracing applications and other Covid related/tracking technology will be a key threat vector in 2021, and open doors for large-scale cyberattacks. www.boozallen.com/c/insight/publication/8-cyber-threat-trends-for-2021

As we like to say, the law doesn’t require us to lock our doors or alarm the building and we’d never leave without taking those precautions. At the end of the day, if we know there’s potential for privacy or security concerns, why not take the steps to get it right?

At the end of the day, business owners want their doors open, but the public will only return when they feel safe. For our employees and our clients, we’re doing all we can to make that happen!

For a complete guide to office opening/reopening (as well as a link to Executive Order 192) visit The NJ State website at https://covid19.nj.gov/faqs/nj-information/reopening-guidance-and-restrictions/what-rules-or-safety-guidelines-are-in-place-for-reopened-businesses-are-any-businesses-closed