https://www.americancityandcounty.com/wp-content/themes/acc_child/assets/images/logo/footer-logo.png
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcast
  • Resources & Events
    • Back
    • Resources
    • Webinars
    • White Papers
    • IWCE 2022
    • How to Contribute
    • Municipal Cost Index – Archive
    • Equipment Watch Page
    • American City & County Awards
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Privacy Statement
    • Terms of Service
American City and County
  • NEWSLETTER
  • Home
  • Co-op Solutions
  • Hybrid Work
  • Commentaries
  • News
  • In-Depth
  • Multimedia
    • Back
    • Podcasts
  • Resources/Events
    • Back
    • Webinars
    • White Papers/eBooks
    • IWCE 2022
    • How to Contribute
    • American City & County Awards
    • Municipal Cost Index
    • Equipment Watch Page
  • About Us
    • Back
    • About Us
    • Contact Us
    • Advertise
    • Cookie Policy
    • Privacy Stament
    • Terms of Service
  • newsletter
  • Administration
  • Economy & Finance
  • Procurement
  • Public Safety
  • Public Works & Utilities
  • Smart Cities & Technology
  • Magazine
acc.com

Administration


Dimitri Karastelev on Unsplash

Article

Respecting employees’ health data: How agencies can safeguard COVID-19 vaccination and test information

Respecting employees’ health data: How agencies can safeguard COVID-19 vaccination and test information

  • Written by John Ackerly
  • 7th February 2022

While the omicron-fueled COVID-19 surge is easing up in many parts of the U.S., it is still setting records nationally and internationally. With the likelihood of new variants also on the horizon, it is vital for employers to communicate quickly and efficiently as new information arises. Employers are grappling with the challenge of keeping their workforce as safe as possible, while also safeguarding personal health data that’s sensitive in nature.

State and local government organizations are tasked with collecting and protecting a growing volume of COVID-19-related employee data. This expansion of protected health information (PHI) and personally identifiable information (PII) places a greater burden on both HR functions and executive decision-makers.

Meanwhile, cyber risks are only increasing. HIPAA Journal noted 642 data-breach incidents involving 500 or more records in 2020, a 25-percent year-over-year increase. It reported 655 such incidents from January through October 2021, a new record. Additionally, 75 percent of state and local governments experienced a breach or potential compromise in the past year, according to research from MeriTalk.

Clearly, agencies need an effective way to protect the employee COVID-19 data they capture, store and transmit. They can achieve this goal by following three steps:

  1. Establish a secure process for collecting employee PII.
    Many agencies are capturing proof of employee vaccination or negative-test results. But employees can’t simply bring a vaccination card to work to show to a manager, nor can they just display an image of the card on their smartphone.

Instead, OSHA recommends that employers retain a record of employee immunization. This can include a physical copy of the vaccination record, a digital copy such as a scanned image, digital photograph or PDF version, or a medical record or other official documentation of the vaccination.

Regardless of the data format, HR teams will need to collect the results, aggregate them across their workforce, and communicate to managers which of their workers are unvaccinated. That information will need to be shared through email or other collaboration workflows. It’s imperative that such data transmissions remain secure from end to end.

  1. Protect data end-to-end, not just in transit.
    Organizations typically rely on the encryption native to most email applications to secure sensitive data transmissions. The traditional approach is called transit-layer security (TLS). But TLS has a fatal flaw: It only protects messages while in transit, and it leaves PHI vulnerable to a data breach because it doesn’t encrypt it end-to-end.

To understand what it means to protect data end-to-end, it helps to first understand encryption. Encryption uses complex algorithms, but at a conceptual level it’s like surrounding a piece of data in an impenetrable wrapper. It obscures the contents of a data object so that it can be read only by the person or entity authorized to read it.

Yet when a piece of data is shared, it’s never a simple A-to-B journey. Let’s use an email attachment as an example. The message is written in an email client such as Gmail. The attachment is uploaded to Google’s servers. Once the email is sent, it travels over the internet from network to network. It eventually reaches the recipient’s network and email client. Although the email is delivered in an instant, it’s handed off across several technology ecosystems before it reaches its destination.

End-to-end encryption protects that data from the moment it’s created to the moment it’s accessed by the authorized recipient. It safeguards the data across formats, devices and ecosystems—emails, attachments, documents, videos, databases, internet of things (IoT) devices and so on.

In this way, state and local governments can ensure they are protecting and respecting employee data while also helping to maintain compliance with regulations such as HIPAA and FERPA.

  1. Respect the data: Give employees control over their own personal information, while building in safeguards.
    Safeguarding workforce PII is about more than just cybersecurity protections. It also involves employee trust, so it’s important to give workers control of their data while you also demonstrate a commitment to protecting it.

This is especially important because citizen and employee trust has eroded. Trust in government in the United States, while inching up 3 percentage points last year, remains at a rather dismal 42 percent, according to the Edelman Trust Barometer 2021. Globally, only 53 percent of government workers trust their employer, according to the study. And 68 percent of people are concerned about hackers and cyberattacks.

As the government labor market has grown tighter in the wake of the pandemic, trust can become a competitive advantage. And as agencies gather and manage COVID-19-related employee data, demonstrating a commitment to employee privacy will be imperative.

End-to-end encryption places control over data in the hands of the data owner. No matter how or where it travels, the owner can modify controls, limit sharing or even revoke access.

These three crucial steps for end-to-end data protection are all enabled by an open standard called the trusted data format (TDF), which allows agencies to encrypt, control access to and audit the protection of data wherever it’s created or shared.

TDF was created at the National Security Agency and thousands of organizations already use it to achieve secure data sharing, with platform-agnostic encryption of any type of data across any device or cloud environment. This open-source technology can be particularly effective at the state and local levels, as those agencies are tasked with safeguarding increasing amounts of sensitive data—like employee vaccination records and test results.

While COVID-19-related employee data is the catalyst pushing organizations to take additional steps to ensure data privacy and security, it’s not the only sensitive data that agencies manage, and it won’t be the last new data type they’ll need to worry about. End-to-end encryption enabled by TDF can empower organizations with the versatile protections they need—across any application, device or cloud—whatever forms of data they need to gather, manage and share.

At the end of the day, agencies are tasked with serving the public and gaining their trust. A demonstrated commitment to respecting individuals’ personal data, whether those individuals are employees or constituents, can go a long way to foster trust during the volatility and unpredictability of the global pandemic—and when the pandemic is over, it will still be a vital way to serve our communities.

 

As CEO and co-founder of Virtru, John Ackerly is a long-time privacy advocate. Prior to co-founding Virtru, Ackerly worked in both the private and public sectors, including serving as a technology policy advisor at the White House and the policy and strategic planning director at the U.S. Department of Commerce.

 

Tags: homepage-featured-1 homepage-featured-3 homepage-featured-4 Administration Administration Article

Most Recent


  • Amid shifting workplace expectations, local government employers must adapt
    Constrained by inflexible budgets, local government employers can’t compete with the lucrative salaries offered in the private sector. And while recruitment has always been a challenge for public employers, the last two years have been especially difficult. From January 2020 to the same month this year, government organizations lost around 600,000 jobs—more than manufacturing, wholesale […]
  • baseball
    Minor league baseball is helping cities hit a revitalization home run
    It’s that time of year again—the crack of the bat, the roar of the crowd when the home team hits a home run, not to mention the peanuts, Cracker Jacks and hot dogs! Nothing compares to the fun of gameday at the stadium, enjoying the national pastime of baseball. Some mid-sized cities have taken the […]
  • MSPs
    The MSP downstream cyberthreat paradox: Understanding the city and county connection
    Recently the Cybersecurity and Infrastructure Security Agency (CISA) along with the FBI, NSA, and international cyber authorities issued a cybersecurity advisory aimed at protecting managed service providers (MSPs) and their customers. This high-level advisory has been gestating for some time ever since the SolarWinds and Kaseya supply chain cyber-attacks. A software supply chain attack occurs […]
  • Philanthropic group to launch assistance portal for local admins navigating federal bureaucracy
    A joint venture announced Tuesday by a group of philanthropic organizations—in collaboration with the U.S. Conference of Mayors, the National League of Cities (NLC) and Results for America—seeks to help small and mid-sized communities secure their piece of the $550 billion in funding available for local governments navigating federal bureaucracy. The digital portal will launch […]

Leave a comment Cancel reply

-or-

Log in with your American City and County account

Alternatively, post a comment by completing the form below:

Your email address will not be published. Required fields are marked *

Related Content

  • Trends for the future: Public procurement professionals adapt to the changing and challenging times ahead
  • Key steps governments can take to guard against malware attacks
  • Data privacy challenges for California COVID-19 contact tracing technology
  • Maintaining technology infrastructure during the COVID-19 pandemic

White papers


The PIO’s Ultimate Guide to Social Media

16th May 2022

Gain Greater Visibility Into Your Public Works Fleet

16th May 2022

Arizona Arts Center Meets Rapid Deadline with Hundreds of Thousands in Savings

26th April 2022
view all

Events


PODCAST


Young Leaders Episode 4 – Cyril Jefferson – City Councilman, High Point, North Carolina

13th October 2020

Young Leaders Episode 3 – Shannon Hardin – City Council President, Columbus, Ohio

27th July 2020

Young Leaders Episode 2 – Christian Williams – Development Services Planner, Goodyear, Ariz.

1st July 2020
view all

Twitter


AmerCityCounty

Amid shifting workplace expectations, local government employers must adapt dlvr.it/SQm2RT

20th May 2022
AmerCityCounty

Smart911 emergency profiles provide first responders with more information, faster dlvr.it/SQh9gl

19th May 2022
AmerCityCounty

Minor league baseball is helping cities hit a revitalization home run dlvr.it/SQc5N4

18th May 2022
AmerCityCounty

Sustainable Purchasing Leadership Council can help governments get up to speed on sustainable buys dlvr.it/SQbwqL

18th May 2022
AmerCityCounty

The MSP downstream cyberthreat paradox: Understanding the city and county connection dlvr.it/SQYVjs

17th May 2022
AmerCityCounty

Philanthropic group to launch assistance portal for local admins navigating federal bureaucracy dlvr.it/SQY16G

17th May 2022
AmerCityCounty

Report: Nearly 95 percent of America’s mayors face harassment, threats and violence dlvr.it/SQTn2z

16th May 2022
AmerCityCounty

The PIO’s Ultimate Guide to Social Media dlvr.it/SQTdCK

16th May 2022

Newsletters

Sign up for American City & County’s newsletters to receive regular news and information updates about local governments.

Resale Insights Dashboard

The Resale Insights Dashboard provides model-level data for the entire used equipment market to help you save time and money.

Municipal Cost Index

Updated monthly since 1978, our exclusive Municipal Cost Index shows the effects of inflation on the cost of providing municipal services

Media Kit and Advertising

Want to reach our digital audience? Learn more here.

DISCOVER MORE FROM INFORMA TECH

  • IWCE’s Urgent Communications
  • IWCE Expo

WORKING WITH US

  • About Us
  • Contact Us

FOLLOW American City and County ON SOCIAL

  • Privacy
  • CCPA: “Do Not Sell My Data”
  • Cookies Policy
  • Terms
Copyright © 2022 Informa PLC. Informa PLC is registered in England and Wales with company number 8860726 whose registered and Head office is 5 Howick Place, London, SW1P 1WG.
This website uses cookies, including third party ones, to allow for analysis of how people use our website in order to improve your experience and our services. By continuing to use our website, you agree to the use of such cookies. Click here for more information on our Cookie Policy and Privacy Policy.
X