How to Address Privacy Concerns Around Health and Safety Monitoring

January 29, 2022

You’ve finally identified an occupational safety technology that you, other health and safety managers, and leadership are excited to procure, but you are also concerned about workers’ negative perceptions around the intrusiveness of real-time health and safety monitoring.

How can you motivate employees and ease their concerns around adopting such technologies in a world of hyper-awareness around personal data and privacy?

What employees need to understand is how such technologies will help proactively prevent risk and injury not just in real time, but also taking into consideration long-term factors. This technology, deemed an “Intelligent Guardian”, is designed to monitor and protect your team beyond what any human can do. Such monitoring approaches aren’t here to be used in a negative way or potentially harm the employment of those using it, but perception is often reality.

Some examples:

Let’s say one of your employees is working in a confined space and you’re notified that their posture is in a facedown position and they’ve stopped moving. With normal standby safety attendant monitoring procedures as mandated by OSHA 1910.146, it may be difficult for the standby to understand exactly what is occurring inside of the space. Did the person fall asleep, were they exposed to a toxic gas, are they having some other medical problem? The reality is that although human observers are a critical component of an effective safety policy, there are many dangers the human eye, ears, and nose cannot readily sense. This dilemma is one of the main contributing factors to the morose statistic that 60% of confined space fatalities are from would-be rescuers. Human nature is to help those in need, but without an understanding of how the entrant’s body is interacting with the environment, there is danger to all parties. With SafeGuard, managers can be proactively alerted to anomalies in the environment and with the involved human operator. Managers can now be immediately notified to come to the employee’s location versus waiting for someone to (hopefully) identify the impending problem and provide assistance before injury or even death occurs.

Consider if a worker is exposed to a toxic gas. Normally, a sensor would alert the worker when the exposure level in an area is life threatening and they need to evacuate. What if you could tell if they personally are being exposed to such small amounts of a harmful substance that it doesn’t trigger the alert but over time that exposure will increase their chances of developing a chronic illness?

We call this personalized, predictive monitoring.

Just like other technologies that collect, store, and manage user data, there is a possibility that appropriate measures aren’t put into place, which can undermine employee trust and limit effectiveness of corporate cybersecurity initiatives. Alleviating privacy concerns that come with such monitoring technologies is a critical step to ensuring successful acceptance and adoption by the workforce. With that said, we’ve listed some FAQs we typically receive regarding our cybersecurity and privacy safeguards.

Possible Questions

Will this be used to monitor employee performance or track breaks and time in the restroom?

No. You can implement a workforce solution that allows monitoring to be turned off by users at the click/swipe of a button—no questions asked.

Is this considered medical data?

No. SafeGuard has been designed to only notify of abnormal physiological, environmental, locational, or behavioral patterns, such as an extended high heart rate coupled with rising core body temperature, so you can make sure workers are taken care of via personalized protection. This data is not used to make a medical diagnosis.

What about Health Insurance Portability and Accountability Act (HIPAA)?

The data we’re collecting is not used for medical diagnosis or to evaluate the health or performance of employees. Therefore, it’s not categorized as HIPAA information. Our approach and tech stack satisfy HIPAA standards through the use of HIPAA-compliant services, but that’s only to ensure additional security.

Who will be able to see the data?

First and foremost, the worker. This is their data, and it should be treated as such. We strongly encourage voluntary data collection and sharing with their employer. User identity can be kept completely confidential through anonymization if needed. However, we recommend that user identity be revealed if SafeGuard is triggered by irregularities that indicate risk or potential injury like decreased oxygen levels or a fall that causes injury. This ensures that appropriate help can be provided in a timely manner while also letting rescuers know who to look for. In most cases, only a manager will be notified so they can provide assistance.

What happens to worker data if there’s an alert?

A direct manager can receive an alert for a pre-defined set of conditions so they can notify or assist the worker. Alerts prompt a call for immediate assistance, evaluation of working conditions, and the prevention of future risk and injury. The data is not used for medical diagnosis. However, it may be used for investigative purposes to determine the root cause or contributing factors of the incident in question (e.g., oxygen or LEL levels prior to an explosion).

Can the data be stolen?

Although no security procedures or protocols are ever guaranteed to be 100% penetration-proof, SafeGuard utilizes some of the most advanced technology for internet security available today, including anonymization, multi-tenancy with data isolation, and data encryption in transit and at rest. Put simply, we have implemented appropriate organizational, technical, and administrative measures to protect personal information within our organization, including security controls to prevent unauthorized access to our system. We’ve taken numerous steps to secure workforce personal information from loss, misuse, interference and unauthorized access, modification, and disclosure. Lastly, we do not store incriminating information such as addresses, social security numbers, financial information, etc. This is a drastically different level of risk compared to an example of a credit reporting agency having a data leak.

Customizing Worker Privacy and Security

System Architecture

VigiLife uses a newer, modern architecture with one of the most trusted and secure cloud providers, Amazon Web Services (AWS).

SafeGuard uses a multi-tenant SaaS architecture with the ability to have strong data isolation for each tenant. This means each organization has its own data storage resources that are completely independent from each other versus a single set of shared resources, which offers more security and flexibility for each tenant. In addition, all data storage mechanisms in use enforce encryption of data at rest.

SafeGuard leverages many cloud services from AWS that inherently satisfy many security standards and compliance requirements such as HIPAA and FedRAMP. We also use AWS GovCloud for customers who need to meet very strict security requirements and regulations, such as those within the DoD.

Other steps we take to ensure data is secure are:

  • Limiting direct interaction to the cloud to only necessary individuals
  • Enforcing multi-factor authentication for any users of the cloud
  • Assigning roles to users which are scoped with appropriate permissions
  • Segmenting different instances of the system and access to those resources (i.e., production resources are separate from testing/development resources)

Roles and Permissions

No one wants to think that their peers can view their data at any time. This can cause anxiety and high tension within the workplace. That’s why leadership can select roles and permissions of who can access the data.

Customized Data Retention or Deletion

You may choose for data to be deleted after a certain time. Perhaps data will be deleted on a weekly, monthly, or quarterly basis with only the final report saved for referencing any changes in working conditions.

Confidentiality

You can have a worker’s name and picture attached to their data, but you can also anonymize them. For example, each worker can be assigned a number. This way, the health and safety manager only views workers by their assigned numbers instead of identifiable names and pictures. For example, perhaps Worker A is going into a confined space and will be working with a hazardous chemical.
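
The policy described under “Who will be able to see the data?” and “Confidentiality” (managers see workers by assigned number, and identity is revealed only when an alert fires) can be sketched as follows. This is an added example, not SafeGuard’s code; the class, field names, key handling, and alert threshold are assumptions made for illustration.

```python
import hashlib
import hmac
from dataclasses import dataclass, field

# Assumed alert rule (constructed for illustration): low blood oxygen or a detected fall.
SPO2_ALERT_BELOW = 90


@dataclass
class Reading:
    worker_id: str               # real identity, never shown in the routine view
    spo2: int                    # blood-oxygen saturation, percent
    fall_detected: bool = False


@dataclass
class PrivacyGateway:
    tenant_key: bytes                                  # per-tenant secret (assumed)
    _directory: dict = field(default_factory=dict)     # alias -> identity, server-side only
    audit_log: list = field(default_factory=list)      # every identity reveal is recorded

    def pseudonym(self, worker_id: str) -> str:
        # Keyed hash: stable within a tenant, unlinkable across tenants without the key.
        digest = hmac.new(self.tenant_key, worker_id.encode(), hashlib.sha256).hexdigest()
        alias = "worker-" + digest[:8]
        self._directory[alias] = worker_id
        return alias

    def manager_view(self, reading: Reading) -> dict:
        alias = self.pseudonym(reading.worker_id)
        alert = reading.fall_detected or reading.spo2 < SPO2_ALERT_BELOW
        view = {"worker": alias, "spo2": reading.spo2, "alert": alert}
        if alert:
            # Reveal identity only on alert, and leave an audit trail of the reveal.
            view["identity"] = self._directory[alias]
            self.audit_log.append(("reveal", alias))
        return view


if __name__ == "__main__":
    gw = PrivacyGateway(tenant_key=b"constructed-demo-key")
    # Constructed sample readings: one routine, one that trips the alert rule.
    print(gw.manager_view(Reading("alice@example.test", 97)))
    print(gw.manager_view(Reading("alice@example.test", 85)))
    print(gw.audit_log)
```
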

Next Steps

If you have questions on how to present VigiLife’s SafeGuard to your workers, please contact us.

We’re happy to help you develop a plan on how to use the data in ways that align with your company’s goals. SafeGuard’s extensibility allows for the technology to cater to existing policy and requests by employees themselves or represented workforces. We can also join you in showing workers a demonstration of how it works and answer questions based on how you’ve chosen to capture, visualize, and report on the data.

Haven’t seen SafeGuard in action yet? Contact us to request a personalized demo and discussion. We’re happy to show you how others have used it to improve their health and safety programs by proactively preventing risk versus responding to incidents.

Lastly, be on the lookout for updates from us regarding our activities to provide our clients with a modern, secure, privacy-preserving, and scalable health and safety assessment solution. Maintaining high levels of user privacy and cybersecurity is not a one-time event, so we invite you to join us on our mission to protect and prolong the lives of those at risk without compromising security, privacy, and efficiency.