Best Practices | September 22, 2021

3 Simple Steps Businesses Can Take To Keep Employee and Customer Health Data Safe

by Proxy

As vaccination verification slowly becomes the new norm in many places, how can you ensure your employee and customer information stays safe and private?

It's safe to say that a few years ago, many people didn’t think much about online tracking and data gathering. A number of things have happened in recent years bringing the issue into mainstream coverage, including the Cambridge Analytica scandal in which the consulting firm allegedly misused the data of millions of Facebook users; big tech companies testifying before congress over their practices of amassing user data; data-gathering regulations in states like California; breaches at large retailers; and the proliferation of Internet of Things devices and wearables. 

But now that health-related data is being routinely collected, it’s more important than ever to make sure it is secure — especially now that many of us are carrying around our COVID vaccine cards. States are beginning to digitize their COVID-19 vaccine records, and now we’re seeing many businesses and even municipalities like New York require proof of at least one vaccine to dine at indoor restaurants or enter gyms. Many businesses are struggling to keep up with changing local compliance requirements and company policies along with collecting a tsunami of data every day. 

We’re still in the early days of this, but with the spread of new variants, employers and businesses are now considering how they might manage checking for proof of vaccination or negative COVID-19 test results in a safe and secure way. What’s the best way to handle this while still keeping the office and off-site environment safe? What are the liability concerns to be aware of? It may seem overwhelming, but here are a few simple steps organizations can take to jumpstart offsite events and their return to office (RTO) efforts without compromising safety or data privacy.

Know That Not All QR Codes Are Created The Same

States like California and New York have rolled out digital vaccine cards, but they have inherent vulnerabilities in them. It’s nothing against these providers, more just a general flaw in QR codes as a whole. For example, QR codes are issued for each vaccine record, but they are static QR codes, which make them incredibly easy to screenshot and pass around and share — essentially making them like a fake ID. 

Using a solution like Proxy, however, provides users with two secure solutions — scanning their vaccination records directly from their device and generating a dynamic QR code within the Proxy app, or scan any existing vaccine card QR code (Excelsior, California digital pass, and some others) directly in the Proxy app to create a new dynamic QR code. Proxy not only allows users to store their information and vaccine record locally on their device and share in a verifiable, privacy-preserving way, it also allows them to create a more secure version of their existing QR codes. 

Dynamic QR codes, unlike static QR codes, can be updated as well as provide additional tracking capabilities such as number of times it’s been scanned, location, and time of scan. This allows for a more safe and secure solution, as updating a dynamic QR code essentially makes any prior ones invalid, reducing the risk of sharing QR codes.

Communicate With Employees and Customers How Their Data Is Used or Stored

Since this is all still fairly new and constantly changing, some people are concerned with how their data is being stored. As an employer or a business, ideally you're not actually storing any of this information and instead using a solution like Proxy to avoid keeping any sensitive health information about your employees, while maintaining a detailed digital record of the vaccinations and test results that were presented. 

When you don’t store copies of health records, or photocopies of paper cards and printouts, they can’t be leaked if there is a security breach, they can’t accidentally be seen by other employees who should not have access to this information, and they can’t fall into the hands of those who might abuse this data. This allows you to ease the minds of customers and employees by communicating that this data is not stored, while also taking necessary steps to ensure that your customer and employee is safe.

If You’re Working With a COVID Test Provider, Make Sure You Are Taking Additional Security and Privacy Steps

Ideally, you're not asking your employees or customers to print out their COVID test results and keep them on file, as that is yet another opportunity for employee health data to be lost or misused. Some employers set up testing partnerships with specific test providers, or use stickers to identify employees with a negative result. While there are benefits to a direct partnership with a test provider, such approaches are not private from the perspective of the employee or guests.

The best way to approach this is to use a system that can present verifiable proof of vaccine cards and test results in the same uniform and private way, regardless of which test provider your employees chose to use. The best system integrates test results with identity verification in a privacy-first approach without storing or transmitting actual medical records — or labeling your people with stickers. Proxy makes it easy for users to provide both vaccine records and test results, and share them securely and privately.

Taking the next step with Proxy Health Pass

Proxy Health Pass makes it easy for businesses to verify whether employees have been vaccinated or recently had a negative COVID test result. You can get started today with Proxy Health Pass by signing up for a free trial and feel confident that you’re bringing back employees back to work safely. 

→ Click here to get started with Proxy Health Pass

WATCH THE WEBINAR: 3 Ways to Automate Employee Vaccination and Testing Verification

Watch this webinar where we sit down with industry experts to discuss three popular ways people are approaching the vaccine and testing verification process. We'll help you determine which approach is right for your organization.