In February of this year, the Biden Administration signed an executive order aimed to protect American citizen’s’ personal data, brought about in large part because of the growing awareness that sensitive data, including healthcare data, is being bought and sold internationally. This initiative, combined with a growing number of states enacting laws requiring companies to better protect employee and customer data, means HR professionals can no longer leave this to the IT and marketing teams to figure out.
Outlining the Current Problem with Data
Sensitive data isn’t limited to customer or patient data nor are hospitals the only companies that are exposing this data to international marketplaces. Most companies are collecting sensitive healthcare data on their employees and don’t have processes in place to safeguard that data. Most HR teams are not included in the conversations for what tracking data to use outside their department and they don’t know the data is even being collected by third party vendors.
The recent data breach at Kaiser that impacted over 13 million people is a perfect example of how easy it is for third party vendors to install tracking software on websites and mobile apps to collect sensitive data on visitors. Anyone who accessed information from one of these apps had personally identifiable information collected on them, including the pages they visited (and the health-related topics on those pages). Had Kaiser executives simply made it a priority to screen for third party tracking across their software vendors, this problem would have easily been prevented.
Once that sensitive information is in the hands of a third party vendor, it can be brokered on data markets that are open to anyone with the cash (or crypto) to purchase it. This is how sensitive employee data is ending up overseas and in the hands of foreign governments.
US healthcare data ending up overseas has significant implications for HR professionals and HR consulting firms. It raises concerns about compliance, data security, employee privacy, and business continuity. HR professionals need to stay informed and proactive in managing employee data responsibly to prevent it from getting into the hands of these third parties.
Protecting Employee Data – What HR Professionals Need to Know
HR professionals must prioritize various areas to adhere to best practices for protecting employee data effectively. This includes being vigilant about compliance risks, as transferring healthcare data overseas can breach regulations such as the Health Insurance Portability and Accountability Act (HIPAA), which could result in substantial fines and damage to reputation. Moreover, storing healthcare data on servers outside the U.S. might increase security risks, potentially exposing sensitive employee information.
The control over such data is also a critical concern. Once data is transferred overseas, HR might find it challenging to access or control it, complicating investigations, employee support, and responses to data breaches. Additionally, foreign data privacy laws may vary significantly from U.S. regulations, complicating efforts to ensure the protection of employee data.
Employee privacy is another significant issue. As employees grow increasingly concerned about their data privacy, HR professionals must maintain transparency and be upfront about data handling practices to sustain trust. Furthermore, the potential for data misuse by foreign entities could adversely affect employee morale and lead to legal challenges.
Business continuity is also at stake. Data storage overseas can be affected by political or economic instability, potentially disrupting healthcare access for employees. Time zone differences and logistical issues might also cause delays in accessing critical healthcare information.
In terms of benefits administration, transferring data may introduce errors or delays in processing claims and managing employee benefits. This could also lead to higher operational costs due to additional security measures or compliance requirements associated with overseas data storage.
Strategically, HR consulting firms need to understand these risks to advise clients on data security best practices and suggest alternative solutions for managing healthcare data effectively. Keeping abreast of emerging trends and regulations concerning data privacy is crucial for HR professionals to stay competitive in their field.
By focusing on these considerations, HR executives can safeguard employee healthcare data effectively while balancing the need to monitor work-related activities with respecting employee privacy, especially concerning sensitive information accessed on company computers. This comprehensive approach ensures a robust framework for data protection, addressing potential breaches, and maintaining overall risk management while supporting employee privacy and trust.
By taking these considerations into account, HR executives can ensure a balance between protecting company data and respecting employee privacy, specifically regarding sensitive healthcare information accessed on company computers.
Sarah M. Worthy is CEO of DoorSpace.