“If you don’t share information, and something bad happens as a result of it, that’s a problem. If you do share, and you violate a privacy rule, that’s potentially a problem,” said Kirk Nahra, chair of WilmerHale’s cybersecurity and privacy group, to Politico.
Employers are recommended to send out generate emails stating that an employee has contracted COVID-19. However, they should not identify the individual who has tested positive. Labor laws require businesses to create safe work environments, which has caused many in recent days to self-isolate if a coworker shows symptoms or tests positive for COVID-19.
For hospitals and health systems, HHS’ Office for Civil Rights says that coronavirus disclosures should be limited, with only the “minimum necessary” information being shared. The Americans with Disabilities Act states that employees must keep applicants’ and employees’ medial information confidential.
Although the Equal Employment Opportunity Commission allows employers to ask workers about travel or symptoms in certain circumstances, it’s unclear whether the employer can disclose the reported health status to other employees.
More articles on cybersecurity:
State-by-state breakdown of ransomware attacks on healthcare providers
5 recent data breaches caused by human error
Indiana hospital alerts 2,600 patients of human error data breach
