Are the latest New Jersey Covid-19 Protocols jeopardizing your HIPPA compliance?
Last month’s executive order from Governor Murphy’s office mandated New Jersey organizations “protect employees, customers, and others who come into contact with operations”.
The order included guidelines for things like masking, high-touch surface cleaning and daily employee self-assessment checklists.
While the law is mostly straight forward, as cybersecurity experts and technologists concerned with privacy protections, we felt it important to address the “assessment checklist” requirement, especially as it impacts our partners in healthcare, law and insurance who are required to follow HIPPA guidelines.
According to Executive Order 192 “Prior to each shift, [employers shall] conduct daily health checks, such as temperature screenings, visual symptom checking, self-assessment checklists, and/or health questionnaires, consistent with CDC guidance”
For organizations bound by HIPPA, collecting and storing this data is tricky and should be approached thoughtfully. While the Office for Civil Rights (OCR) at the U.S. Department of Health and Human Services (HHS) is exercising enforcement discretion during the COVID-19 health emergency, HIPAA rules remain in effect and any entity found to be noncompliant could face penalties. (https://www.hhs.gov/hipaa)
What can your company do?
As a technology services provider, we’ve been deploying technical staff onsite since the start of the pandemic and have been requiring employee self-assessments for several months.
As we’re also bound by HIPPA, we worked with a partner to rollout an app where sensitive data is encrypted in order to provide privacy protection for our employees, and protect the company. Employees receive a text message each morning prompting them to complete the checklist. As an added measure of protection, the app will also seamlessly connect a doctor with any employee reporting COVID symptoms.
Is this overkill?
Possibly, but according to business consultants, Booz Allen Hamilton, contact tracing applications and other Covid related/tracking technology will be a key threat vector in 2021, and open doors for large-scale cyberattacks. www.boozallen.com/c/insight/publication/8-cyber-threat-trends-for-2021
As we like to say, the law doesn’t require us to lock our doors or alarm the building and we’d never leave without taking those precautions. At the end of the day, if we know there’s potential for privacy or security concerns, why not take the steps to get it right?
At the end of the day, business owners want their doors open, but the public will only return when they feel safe. For our employees and our clients, we’re doing all we can to make that happen!
For a complete guide to office opening/reopening (as well as a link to Executive Order 192) visit The NJ State website at https://covid19.nj.gov/faqs/nj-information/reopening-guidance-and-restrictions/what-rules-or-safety-guidelines-are-in-place-for-reopened-businesses-are-any-businesses-closed
More from the author
A Business Case for Next Gen Cloud
What will it take for your business to make the jump to Cloud? For this exceedingly traditional Los Angeles-based law firm it was a global pandemic and state lockdowns that almost brought the business to a stand-still.
OWG Assembles Rock-Star Movember Team!
Since 2002, The Movember Foundation has funded over 1,250 projects around the world. An annual fundraising campaign which encourages participants to grow a moustache (or do something else!) to support men’s health issues, we’re excited to participate and appreciate your interest and support!
You've been hit. Now what?
As cyberattacks on midsize firms continue to prove inevitable, are you ready to be hit? A strong defensive posture minimizes exposure, limits collateral damage and protects client privacy.
A Business Case for Zero Trust Cybersecurity
The medical community has always been at the front of the line when it came to technology integration. Now, as attacks on the healthcare industry explode, executive leadership, board members, doctors and practice administrators wonder what they can do differently. The answer - trust no one, ever! Here's how...
Next Gen Cloud for Midsize Accounting
Accounting firms are relatively conservative when considering a move to the Cloud. But with a hybrid workforce now a necessity, here’s how we helped one firm make the jump.
It’s Cyber Awareness Month… So What!?
We believe cybersecurity (and business technology overall) are factors of an organization’s culture. As such, we recognize the importance of building awareness through communications, events and month-long campaigns that serve to remind, educate, and inspire us to take action.