COVID-19: How Personal Health Data Stands At Risk

The spread of the novel coronavirus disease, commonly known as COVID-19, is unparalleled in modern times. Unlike with previous epidemics, the modern world has never experienced a global health threat such as this.

Because of the many unknowns associated with COVID-19, such as the extent to which companies are allowed to gather and share personal information and data to safeguard and secure public welfare, many organizations, individuals and government bodies are grasping at straws.

At the moment, there are no all-encompassing federal data privacy laws or safeguards in place to help organizations understand how to handle personal information and data in times of a pandemic.

In this regard, the world at large is on the brink of a threat it has not witnessed before.

In particular, how a business should walk the fine line between gathering and sharing confidential health information, customer and employee information and location data to help control the widespread disease and contain COVID-19 is still unclear.

Under the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, every employee's health information must be protected and held confidential.

But, in February 2020, the US Department of Health and Human Services issued a report that detailed when an individual's private health data can be disclosed.

Among the many reasons, one of them was "to avoid a serious and imminent threat" to the health of the public.

In this regard, only entities and business associates covered by HIPAA would be permitted to share specific patient data under the Privacy Rule in the event of an outbreak of infectious disease or an emergency, subject to the applicable limitations and consistent with applicable law.

The report further states that under most situations, the entity covered by the HIPAA privacy rule must undertake reasonable efforts to curtail the disclosures to the minimum necessary to achieve the objective.

Companies and entities that are not covered by HIPAA will not be subject to the Privacy Rule's restrictions.

Nevertheless, the bulletin states that private health disclosures must be shared only with authorized individuals, and care must be taken to safeguard the employee's private health information from an inadvertent disclosure that could cause privacy violations.

Opportunistic hackers and pandemic fears

No time is riper for data privacy risks and data intrusions than one filled with panic, fear and widespread anxiety.

As organizations across the world prepare for alternative work arrangements, the looming concern is the heightened responsibility of protecting confidential and sensitive information about clients and employees when working outside office environments.

For instance, in China, there were reports of hackers sharing remote access sessions by using Trojans disguised as simple office files or PDF documents.

Other data breach examples included Trojans resembling documents that provide updates and notifications concerning COVID-19.

Hence, organizations must train and remind their employees to verify the source of text messages, emails and records they receive before clicking on any links or opening any materials that could result in data loss and a data breach.

It is also imperative for companies to review the cybersecurity protocols they have in place.

Having the requisite business continuity plans and practices while testing remote access and continuity of business operations can be a step further in safeguarding the company's networks.

Organizations must also continually remind their employees of their obligation to protect their companies' sensitive information, client personal data and classified company information at all times, whether at rest or in transit.

Digital rights management and data security

A simple and effective way to control how your data is viewed or used is by deploying digital rights management.

While employees who work remotely and third parties can provide you with a better service when you send out requisite information to them, you can ensure that only permitted entities can access or view your data as required.

You could also place access restrictions and controls on the data that you wish to secure and observe how the user is accessing the information shared with them.

Due to the nature of data privacy breaches, every organization must take data security very seriously.

And with the use of cloud technology growing daily, it makes sense to implement digital rights management when it comes to protecting your data.

When you apply digital rights management to a PDF file, the information contained in it is encrypted, and the recipient can only use the data in the manner you permitted.  

This may mean, for example, restricting access to certain locations, stopping users from sharing documents via remote access to their devices, preventing the printing of confidential documents or ensuring content can no longer be accessed after a certain date.

Setting strict conditions around data access and use by providing a secure means of content control is one of the many in-depth security features of digital rights management.

Another crucial benefit of rights management is the ability to selectively revoke access when it is no longer required or to change permissions on the fly. Using PDF DRM ensures that you are always in control of your data.
