The Biden administration has called for all people at least 18 to be eligible for the COVID-19 vaccine by April 19, 2021. Most states have already done so.

BenefitsPro article cites a 2017 survey from the Society for Human Resource Management (SHRM) that found almost 60 percent of employers offer on-site flu vaccinations. Naturally, with expanding availability of COVID-19 vaccination doses and widespread eligibility, organizations are asking whether setting up an on-site COVID-19 vaccination program is more involved than one offering flu shots. The short answer is yes.

The country continues to operate under a national emergency due to a pandemic, not present during a typical flu season. Accordingly, concerns about safety and minimizing spread are significantly amplified. Individuals tend to be familiar with flu vaccines, not so with the current COVID-19 vaccines. Concerns over the emergency use authorization status of the COVID-19 vaccine, privacy, individual rights, school openings and childcare, effects on continued employment, liability, and so on are apparently not as prominent when getting an annual flu shot.

Taking those and other concerns into account, organizations considering setting up an on-site COVID-19 vaccination program have several issues to consider. Below is a nonexhaustive list of a few of those issues. Additionally, the Centers for Disease Control and Prevention has provided some guidance for organizations establishing a workplace vaccination program, as has the National Institute of Health.

Getting Organized

Whether an organization will set up a program for one or multiple locations, it is critical to have a plan in place and responsibility assigned to carry out that plan. Many organizations will rely on a local health department (LHD) or a third-party health care provider (TPHCP) to administer the vaccine. But it is unlikely that either will just show up and start putting needles in arms. The organization will need to address a range of action items, and that will include outlining who will be responsible for what.

Vaccine Administration and Reporting

A big question is who is going to order, receive, and store the vaccine doses, administer them to patients, satisfy federal and state reporting requirements, and carry out other health-related duties and obligations. Unless the organization has an existing on-site occupational health clinic, staffed with persons who are adequately trained, it will typically look to an LHD or TPHCP who will marshal, store, dispense, and, if needed, dispose of unused vaccine doses. Additionally, that entity generally will be responsible for reporting mandates and related activities.

When partnering with an LHD or TPHCP to administer vaccines, a careful review of the services or other agreement is warranted to clearly set out which services are being provided and which are not being provided, among other issues.

Facility Suitability and Preparedness

Even as the pace of vaccinations continues to increase, the threat of contracting COVID-19 remains. Thus, federal and state health authorities recommend continuing health and safety measures: screening, social distancing, mask wearing, and so on. Thus, planning for on-site COVID-19 vaccine administration should include a review of how the facility can best accommodate the personnel needed to deliver the vaccine, as well as those receiving it. This should include evaluating the space and traffic flow and designating separate places for registration, vaccine administration, and recovery to ensure appropriate social distancing.

Preparing a chart of the space can help organizers maintain the applicable safety measures, as well as better plan for contingencies and adequate communication.


Whether setting up a health fair or an on-site vaccination clinic, concerns about potential liability will certainly arise, such as from an adverse reaction to the health service rendered. This is no less true for the COVID-19 vaccine. However, healthcare providers and employers may qualify for a level of immunity under the Public Readiness and Emergency Preparedness Act (PREP Act), provided the requirements of the PREP Act are satisfied. The Prep Act protects “covered persons,” such as:

  • Program planners: individuals and entities involved in planning, administering, or supervising programs for distribution of a countermeasure (e.g., state or local governments, Indian tribes, or private sector employers or community groups that establish requirements or provide guidance, technical or scientific advice or assistance, or provide a facility); and
  • Qualified persons: persons who prescribe, administer, or dispense countermeasures such as healthcare and other providers or other categories of persons named in a declaration, that engage in countermeasures covered by the Health and Human Services Secretary’s declaration, as amended, such as “products that are approved, cleared, or licensed by FDA; authorized for investigational use, i.e. an Investigational New Drug [] or Investigational Device Exemption [], by FDA, authorized under an EUA by FDA, or otherwise permitted to be held or used for emergency use in accordance with Federal law” in a manner consistent with the requirements of the declaration, provided they have not engaged in willful misconduct.

Organizations should review the scope of this immunity with legal counsel, along with other steps for mitigating potential exposures not covered by the PREP Act, such as insurance and contract negotiation.


There are several areas of communication that must be considered, including what needs to be communicated, who is responsible for communicating, and when to communicate. For example, it is important to ensure those eligible to get the vaccine have been provided sufficient information to make an informed decision about getting vaccinated. Often the LHD or TPHCP will provide employers information that will need to be shared with employees prior to the on-site vaccination day. Further, questions may arise in the process from employees, the third-party provider, or even the media concerning the organization’s vaccination program. Anticipating and planning response strategies to these inquiries will help avoid potentially damaging miscommunications while building confidence in the program.

Employment Issues

Bringing COVID-19 vaccinations on-site for employees will raise several employment issues that organizations should be thinking about, such as:

  • Whether vaccination should be mandatory or voluntary. This is a difficult decision for many organizations that requires careful examination of several factors, including employee morale and applicable federal and state law. For employers moving forward with an on-site COVID-19 vaccination program, additional considerations exist if they intend to mandate the vaccine. Since pre-screening questions required as part of the on-site administration will include medical inquiries, whether an employer can mandate that employees receive the vaccine will be limited. Generally, employers who administer or contract with an administrator to come on-site to vaccinate employees can only mandate if the pre-vaccination screening questions do not include inquiries about genetic information and vaccination is job-related and consistent with business necessity.
  • COVID-19 vaccine incentives. As an alternative to mandating vaccinations, employers who wish to strongly encourage vaccinations, may choose to offer employees an incentive to get the vaccine. Depending on the incentive, employers, will need to be prepared to provide reasonable accommodations for persons with disabilities and religious objections, and to assess the appropriateness of the incentive.
  • Informed consent. Employers holding on-site COVID-19 vaccination programs may wish to have employees sign an informed consent as a condition of receiving the vaccine on-site. An informed consent should contain appropriate disclosures about the vaccine and the vaccination process, a statement that the employee understands the process as well as an acknowledgment that receipt of the vaccination was the employee’s free choice.
  • Employee benefit. An arrangement sponsored by an employer to provide vaccines for employees may be structured to be part of or itself an employee welfare benefit plan under the Employee Retirement Income Security Act of 1974 (ERISA). Employers should seek legal counsel on whether ERISA applies, as well as other laws regulating benefit plans, such as HIPAA and the Affordable Care Act.
  • Eligibility. Organizations may want to consider whether persons other than common law employees based at the administration site will be eligible to get the vaccination on-site. Other categories of individuals to consider might include employees working and living in other states, non-U.S. employees, family members, contractors, and contingent workers.
  • Scheduling, leave management. Offering a COVID-19 vaccination program on-site could raise logistical challenges regarding scheduling – when to schedule the first and second doses, the amount of lead time needed to maximize participation, how to stagger scheduling to avoid business interruption, providing time for employees who may experience adverse effects, and the like. Working ahead of time to address these issues could go a long way to maximizing vaccination rate and minimizing business interruption and dissatisfied employees.
  • Labor relations. Offering a COVID-19 vaccine to employees represented by a labor union may require negotiations with that union.

Data Privacy and Security

The ongoing debate over privacy and “vaccine passports” illustrates the sensitivity about information relating to a person’s vaccination status. Accordingly, an organization’s plan for on-site delivery of COVID-19 vaccines to employees should carefully consider how information about vaccination status will be shared. Some sharing of information in such an environment may be unavoidable (“Hey, I saw you getting a vaccination, how did it go?”). Organizations should be doing what they can to minimize unnecessary and unauthorized access and acquisition of such information. This includes coordinating with third-party vendors where applicable and ensuring appropriate privacy and security safeguards are in place. If an employer requires proof of vaccination from employees, such information should be treated as confidential medical information.

There is quite a bit to think about when setting up a COVID-19 vaccination program. While flu vaccination programs likely differ, prior experience with health fairs and flu vaccination offerings can be helpful reference points. Having a good team in place, careful planning, and the support and collaboration of an LHD or TPHCP, among other things, will help lead to a successful program.

If you have questions or need assistance, please reach out to the Jackson Lewis attorney with whom you regularly work, or any member of our COVID-19 team.

Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Jenifer M. Bologna Jenifer M. Bologna

Jenifer Bologna is a principal in the White Plains, New York, office of Jackson Lewis P.C.

Photo of Patricia Anderson Pryor Patricia Anderson Pryor

Patricia Anderson Pryor is the office managing principal of the Cincinnati, Ohio, Dayton, Ohio and Louisville, Kentucky offices and is also a client solutions leader of Jackson Lewis P.C. Patty is an experienced litigator in both state and federal courts, representing and defending…

Patricia Anderson Pryor is the office managing principal of the Cincinnati, Ohio, Dayton, Ohio and Louisville, Kentucky offices and is also a client solutions leader of Jackson Lewis P.C. Patty is an experienced litigator in both state and federal courts, representing and defending employers in nearly every form of employment litigation, including class actions.

Photo of Joseph J. Lazzarotti Joseph J. Lazzarotti

Joseph J. Lazzarotti is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP)…

Joseph J. Lazzarotti is a principal in the Berkeley Heights, New Jersey, office of Jackson Lewis P.C. He founded and currently co-leads the firm’s Privacy, Data and Cybersecurity practice group, edits the firm’s Privacy Blog, and is a Certified Information Privacy Professional (CIPP) with the International Association of Privacy Professionals. Trained as an employee benefits lawyer, focused on compliance, Joe also is a member of the firm’s Employee Benefits practice group.

In short, his practice focuses on the matrix of laws governing the privacy, security, and management of data, as well as the impact and regulation of social media. He also counsels companies on compliance, fiduciary, taxation, and administrative matters with respect to employee benefit plans.

Privacy and cybersecurity experience – Joe counsels multinational, national and regional companies in all industries on the broad array of laws, regulations, best practices, and preventive safeguards. The following are examples of areas of focus in his practice:

  • Advising health care providers, business associates, and group health plan sponsors concerning HIPAA/HITECH compliance, including risk assessments, policies and procedures, incident response plan development, vendor assessment and management programs, and training.
  • Coached hundreds of companies through the investigation, remediation, notification, and overall response to data breaches of all kinds – PHI, PII, payment card, etc.
  • Helping organizations address questions about the application, implementation, and overall compliance with European Union’s General Data Protection Regulation (GDPR) and, in particular, its implications in the U.S., together with preparing for the California Consumer Privacy Act.
  • Working with organizations to develop and implement video, audio, and data-driven monitoring and surveillance programs. For instance, in the transportation and related industries, Joe has worked with numerous clients on fleet management programs involving the use of telematics, dash-cams, event data recorders (EDR), and related technologies. He also has advised many clients in the use of biometrics including with regard to consent, data security, and retention issues under BIPA and other laws.
  • Assisting clients with growing state data security mandates to safeguard personal information, including steering clients through detailed risk assessments and converting those assessments into practical “best practice” risk management solutions, including written information security programs (WISPs). Related work includes compliance advice concerning FTC Act, Regulation S-P, GLBA, and New York Reg. 500.
  • Advising clients about best practices for electronic communications, including in social media, as well as when communicating under a “bring your own device” (BYOD) or “company owned personally enabled device” (COPE) environment.
  • Conducting various levels of privacy and data security training for executives and employees
  • Supports organizations through mergers, acquisitions, and reorganizations with regard to the handling of employee and customer data, and the safeguarding of that data during the transaction.
  • Representing organizations in matters involving inquiries into privacy and data security compliance before federal and state agencies including the HHS Office of Civil Rights, Federal Trade Commission, and various state Attorneys General.

Benefits counseling experience – Joe’s work in the benefits counseling area covers many areas of employee benefits law. Below are some examples of that work:

  • As part of the Firm’s Health Care Reform Team, he advises employers and plan sponsors regarding the establishment, administration and operation of fully insured and self-funded health and welfare plans to comply with ERISA, IRC, ACA/PPACA, HIPAA, COBRA, ADA, GINA, and other related laws.
  • Guiding clients through the selection of plan service providers, along with negotiating service agreements with vendors to address plan compliance and operations, while leveraging data security experience to ensure plan data is safeguarded.
  • Counsels plan sponsors on day-to-day compliance and administrative issues affecting plans.
  • Assists in the design and drafting of benefit plan documents, including severance and fringe benefit plans.
  • Advises plan sponsors concerning employee benefit plan operation, administration and correcting errors in operation.

Joe speaks and writes regularly on current employee benefits and data privacy and cybersecurity topics and his work has been published in leading business and legal journals and media outlets, such as The Washington Post, Inside Counsel, Bloomberg, The National Law Journal, Financial Times, Business Insurance, HR Magazine and NPR, as well as the ABA Journal, The American Lawyer, Law360, Bender’s Labor and Employment Bulletin, the Australian Privacy Law Bulletin and the Privacy, and Data Security Law Journal.

Joe served as a judicial law clerk for the Honorable Laura Denvir Stith on the Missouri Court of Appeals.