For organizations in the U.S. with more than 100 employees, an upcoming rule from OSHA will require proof of COVID-19 vaccination, or weekly negative tests, for employees. This will require companies to collect a greater volume of COVID-19 vaccination data and testing results, as well as general protected health information (PHI) and personally identifiable information (PII) than they have previously, putting a greater burden on HR, administrative, and executive teams. The White House COVID-19 Action Plan outlines the following:
The Department of Labor’s Occupational Safety and Health Administration (OSHA) is developing a rule that will require all employers with 100 or more employees to ensure their workforce is fully vaccinated or require any workers who remain unvaccinated to produce a negative test result on at least a weekly basis before coming to work. OSHA will issue an Emergency Temporary Standard (ETS) to implement this requirement. This requirement will impact over 80 million workers in private sector businesses with 100+ employees.
This data will likely need to be shared internally among HR and leadership teams, as well as stored for company records. It’s imperative that companies protect employees’ personal data as it’s collected, stored, and shared.
Collecting Individuals’ Private Information
Companies need to establish a clear, secure process for collecting employees’ health data. While OSHA proof-of-vaccination requirements were still being determined at the time of writing, it’s possible that vaccinated employees may demonstrate proof of vaccination by showing their physical vaccine card, or using a secure app such as Apple Wallet. Employees who have not received the vaccine will be required to undergo testing at least weekly, with negative test results required to come to work.
Regardless of how employees provide this information, it’s likely that HR teams will need to collect and manage the results, aggregate those results across the workforce, and communicate with managers of unvaccinated individuals. If that information needs to be shared via email or other collaboration flows, it’s essential that those messages are secured with end-to-end data protection.
Is TLS Encryption Secure Enough?
Some organizations assume that the transit-layer security (TLS) encryption native to most email applications is secure enough to share sensitive data. However, TLS only protects messages in transit. For security that will best protect sensitive health-related information, organizations should encrypt this data from end to end: in transit, at rest, and beyond.
Unlike solutions using TLS encryption, which only encrypts data in transit, Virtru’s data protection solutions encrypt data from end to end, from creation to storage, enabling secure internal and external sharing. Virtru uses encryption algorithms that comply with FIPS 140-2, is FedRAMP authorized at the moderate impact level, and adheres to the security controls defined by NIST SP 800-53. Virtru cannot access your protected data at any time.
Virtru Secure Share, coming soon to beta, can also help address the pain points of securely collecting documentation from employees. With Secure Share, HR teams can have their employees submit proof of vaccination, or test results, through a secure link. With Secure Share, employees can set a time limit and other parameters around their COVID-19 vaccination data and test results, giving them confidence that their information remains securely under their control. Sign up for the Secure Share beta to become one of the first Virtru customers to leverage this capability.
Build Trust by Securely Managing COVID-19 Vaccination Data & Test Results
By safeguarding your employees’ COVID-19 vaccination data and testing results, you’re demonstrating a commitment to their privacy. In a recent Edelman brand trust study, 81% of respondents said personal vulnerability (around health, financial stability, and privacy) is a reason why brand trust has become more important.
Giving employees control and visibility of their personal information builds trust, especially in such a challenging environment. As the labor market becomes increasingly competitive in the wake of COVID-19, trust can be your competitive advantage — both from an internal, employee loyalty perspective and an external, brand-building perspective. As more employees go back to the office, data protection is a key action that corporate leaders can take to make their employees more comfortable. Demonstrating a commitment to employees’ privacy can go a long way.