Threats, Harassment, and Contact Tracing: Why Privacy Programs are Expanding to Protect Health Care WorkersBack in March we wrote about Address Confidentiality Programs (ACPs) as the “high stakes compliance risk you probably haven’t heard of.” These state-sponsored programs were traditionally designed to protect victims of crimes such as domestic abuse, sexual assault, stalking, or human trafficking from perpetrators who seek to find and harm their victims. Since that first post a lot has changed, namely COVID-19, the nation’s divisive stance on masks, and attitudes toward public health officials.

Nationwide, at least 61 state or local health leaders in 27 states have resigned, retired, or been fired since April 2020, according to U.S. News. The same report noted that 13 of those departures were in California, including 11 county health officials and California’s top two public health officials. A contributing factor to this exodus of leaders is that health officials are facing an increasing amount of harassment, and even threats of violence, for their work on issues such as contact tracing and COVID-19 containment strategies.

It is in the midst of this volatile healthcare environment that, on Wednesday, September 23, 2020, California expanded its ACP to include not just victims of domestic abuse, but also local health officers and other public health officials. This new expansion of the law allows these frontline workers to hide their addresses from the public in order to protect them from possible threats or violence.

Gov. Gavin Newsom’s Executive Order noted that “local health officers and other public health officials protecting public health during the COVID-19 pandemic have been subject to threats and other harassment including threats and harassment target at their places of residence, which threatens to chill the performance of their critical duties.” The Executive Order directs California Secretary of State Alex Padialla to establish a procedure to allow public health officials to participate in the California Safe at Home Confidential Address Program.

This shift is a significant milestone in expanding privacy rights of vulnerable populations, particularly when that vulnerability is a product of evolving public sentiment toward a particular group of people. ACPs shield home, work, and school addresses from public record searches and FOIA. Nationwide, about 41 states have some form of ACP. Most states restrict disclosure from public records, but seven states actually prohibit private companies from disclosing location information as well.

ACPs operate by providing alternate addresses for participants to use in place of their actual address. These designated addresses divert participants’ mail to a confidential third-party location (often a P.O. Box and/or a “lot number”), after which a state agency forwards the mail to the participant’s actual address.

As healthcare workers continue to battle on the front lines of the pandemic, it will be interesting to see if other states follow California’s lead. In the meantime, it is important to pay close attention to often-missed state privacy laws, such as ACPs. As the privacy landscape continues to evolve, these laws will continue to create a patchwork of regulations in the absence of sweeping federal privacy legislation. For now, California healthcare workers are now on the list of individuals whose privacy – and safety – often remain dependent on policy implementation at the state level.

Continue to look for further updates and alerts from Bradley on state privacy rights and obligations.

Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Erin Jane Illman Erin Jane Illman

Erin Illman is a dynamic problem solver with a strong understanding of U.S. and international private-sector privacy laws and regulations and the legal requirements for the transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. She regularly…

Erin Illman is a dynamic problem solver with a strong understanding of U.S. and international private-sector privacy laws and regulations and the legal requirements for the transfer of sensitive personal data to/from the United States, the European Union and other jurisdictions. She regularly advises clients on CCPA, GLBA, HIPAA, COPPA, CAN-SPAM, FCRA, security breach notification laws, and other U.S. state and federal privacy and data security requirements, and global data protection laws. In addition to providing proactive privacy and information security compliance and legal advice, Erin manages privacy-related enforcement actions and litigation. Her practice includes representing companies in reactive incident response situations, including insider cybersecurity threats, electronic and physical theft of trade secrets, and investigation, analysis, and notification efforts with respect to security incidents and breaches.

Photo of Leah M. Campbell Leah M. Campbell

Leah Campbell is a senior attorney in the Banking and Financial Services Practice Group. Leah has significant experience representing financial services and insurance company clients in both federal and state courts, as well as before state regulators. She has advised national mortgage servicers…

Leah Campbell is a senior attorney in the Banking and Financial Services Practice Group. Leah has significant experience representing financial services and insurance company clients in both federal and state courts, as well as before state regulators. She has advised national mortgage servicers on FDCPA claims, loan finance companies on UDAAP claims, and banks on OFAC- related issues.

In addition, Leah has provided intellectual property guidance in M&A and corporate structuring matters and advised on GDPR implementation and cross-border encryption issues.