Privacy and data sharing

A checklist for building privacy and data security into contact tracing programs


1. Assess the overall process

2. Assess policy simplification

3. Privacy / Communications to contacts

4. Notification

5. Data sharing plan/framework

6. Technology

7. Assess and ensure proper data security policies, standards and controls are in place

8. Assess and document data retention, access, deletion, & de-identification policies

9. Train staff

10. Remote working rules

11. Agility

HIPAA and privacy compliance are highly fact-specific. This checklist is not intended as, and should not be treated as, legal advice concerning any particular course of action.

Implementation tools

Last updated