What IG Pros Need to Know about the Coronavirus Outbreak

Last Updated: March 11, 2020By
[glossary_exclude]The coronavirus, which brings on the disease Covid-19,  has made its way to the United States.  Despite your feelings on whether the virus is something we need to be concerned about, there are some concerns you need to be aware of as it relates to your privacy and rights.  Further, how the virus may refer to the organization you work for and the data you use or potentially are responsible for protecting.

The Center for Disease Control (CDC) is a federal organization in the United States.  The Public Health Service Act put in place in 1944 gives the CDC extensive powers.  While they intend to keep citizens aware, safe, and protected from an outbreak, they may have the ability to do so without your privacy concerns in mind.  The CDC has a field manual that outlines the powers that the CDC has and the limitations to those powers.  Below is an outline of those powers taken directly from the manual:

  • The protection must fit within the US Constitution and Bill of Rights of individuals
  • A state’s authority or “police powers” is extensive where many states can examine, treat, and quarantine citizens
  • The Fourth Amendment protects citizens from unnecessary searches and seizures
  • The Fifth Amendments prohibits the federal government from depriving any person of life, liberty or property without due process
  • If the CDC is met with resistance during an investigation, they may need assistance from the state’s attorney general for a court order
  • The state has inherent authority to impose restrictions on private rights for the sake of public welfare, order, and security

Once the state has permission to view the information by law authorities may obtain:

  • Specimens from hospitals or private labs
  • Review patient medical records
  • Administer questionnaires
  • Implement a variety of controls to prevent reoccurrence
  • Collect additional data on an ongoing basis
  • Close a business or restrict activities
  • Quarantine an exposed person
  • Vaccinate or administer antibiotics to exposed groups

Now that we understand a bit of the authority and access, let’s talk about your rights during an outbreak.  Essentially, the CDC and the state, if they feel you could help stop an epidemic, can basically quarantine you, shut down your organization, and possibly your access to your residence.  At this point, your privacy is virtually gone, but it isn’t (shouldn’t be) public (have you seen the New York lawyer who tested positive for the coronavirus having his picture splashed all over TV? The media ran with the story, without concern for personal privacy).  So, what can you do to prepare yourself and organization in the event you become wrapped up with the CDC or the state?  Check out these tips below, (and no, the below does not constitute legal advice):

  • Have a backup and restore process of your data. An offline and off-network is preferred by individuals who have trusted access
  • Review your business continuity plan specifically for a loss of location and key individuals
  • If you are sick or at high risk for a potential outbreak, have an attorney at the ready
  • Have a family plan on what to do in the event you or a loved one is unavailable. Such as Power of Attorney documents, spare keys, and potential access to financial accounts
  • Know that regulatory guidelines such as HIPAA may have exemptions
  • Talk to local authorities about how their plans could impact your organization
  • Ask for paperwork, documentation, names, and any information you can gather from authorities
  • Wash your hands—thoroughly and often, and cough into your elbow, not your hands

The coronavirus is not the first global viral outbreak, and it will certainly not be the last.  Investing in preparedness is something every individual and organization should do.  After all, if one were to become ill with this virus, the only thing that should matter is getting well and preventing others from falling ill.[/glossary_exclude]


recent posts

About the Author: Andrew Ysasi

Andrew Ysasi, MS, CRM, FIP, CIPM, CIPP, CISM, PMP, IGP is the Vice President of Kent RecordS AND INFORMATION Management® and President of IG Guru™, a news organization to ensure relevant IG news is shared with the IG community. He has volunteered with ARMA, the ICRM, worked as an adjunct professor and founded a career consulting practice – Admovio®. Andrew has spoken across the United States and contributed to ARMA’s Information Governance Body of Knowledge (IGBOK) and Record Management Core Competencies 2nd ed.