As states gradually reopen after months of shutdowns, companies are turning to new apps that harness employee data to ensure staff can safely return to the office without bringing coronavirus with them.
With no approved vaccine for coronavirus, the onus is on employers to create safe workspaces. But the use of data in this way will inevitably risk legal challenges, experts warn.
In the case of UnitedHealth Group Inc., one of the largest health insurers in the U.S., this has involved teaming up with Microsoft Corp. to create the ProtectWell app. The software will allow staff to answer questions about exposure or symptoms of COVID-19 — the respiratory disease caused by the novel coronavirus — via Microsoft's health bot, as well as direct them to a testing process if needed, according to a May 15 news release.
Microsoft and UnitedHealth Group's ProtectWell app.
The companies also said the smartphone app will display workplace guidelines on preventing the spread of infection, such as social distancing, personal hygiene and sanitation.
Castlight Health Inc., which makes apps for employees to navigate the health insurance space, has developed its own COVID-19 platform, called Working Well.
"What it's doing is powering the employer and bringing people back to the office in a way where they can know it's safe and less likely to create any sort of tricky situation for their employees," Castlight CFO and Senior Vice President Will Bondurant said in an interview with S&P Global Market Intelligence.
Like Microsoft's ProtectWell, the Working Well platform includes an app that allows staff to self-assess their risk of exposure and any symptoms of COVID-19. Someone deemed at low risk will be clear to come to work while someone at medium risk — meaning they have one or two risk factors associated with COVID-19 — can be directed to a testing site. Someone at high risk, however, may have many symptoms or, under state and local guidelines, may be considered at greater risk of having the virus and will likely need to quarantine.
While the system allows the employer to monitor COVID-19 risk and notify employees through worksite contact tracing if they have been working closely with someone at high risk, the company will not hold onto this data permanently.
"We know that we can't screen for risk without asking questions and we know we can't contact trace without asking who you've been around and who you've connected with and spent time with," Bondurant said. "But the key tenet that we've taken is: once that data is no longer useful or valuable, which is about three weeks after it's collected, we don't need it anymore."
Data rights versus employee rights
Setting out a strategy for how the data will be stored could prevent problems in the future, as experts anticipate a clash between employees' limited data rights and their extensive workplace rights.
States and the federal government have different rules and regulations for returning to work that employers must follow, potentially setting the scene for lawsuits from employees, according to a recent report by S&P Global Ratings.
"For example, a company's choice to disclose an employee's infection to others could be seen as a breach of personal data privacy. In addition, requiring employees to test negative for COVID-19 before returning to work could be seen as disability discrimination and a violation of health privacy laws," Ratings analysts said.
While employees have a right to privacy, they have very few data rights, according to Dena Mendelsohn, director of health policy and data governance at healthcare security firm Elektra Labs Inc.
"I think even the most well-intended employer should expect some sort of resistance, and employers really do need to do their homework about what technologies they're telling their employees to adopt in order to reopen the workplace," Mendelsohn said.