Is it a HIPAA Violation to Require Confirmation of Vaccine Status?

There is a lot of misunderstandings concerning the case of questioning a person if they had a COVID-19 vaccine. Is it considered a HIPAA violation, especially pertaining to employers questioning their personnel to give evidence of being vaccinated against COVID-19 to cease using a face mask in the work area?

The Health Insurance Portability and Accountability Act (HIPAA) contains terms relevant to personal privacy and uses and disclosures of protected health information (PHI). A person’s vaccination status is regarded as PHI. The HIPAA Privacy Rule controls the use and disclosures of people’s PHI to those necessary for treatment, billing, or medical care treatments. Other uses and disclosures normally necessitate the giving of a written consent by the person prior to the use and disclosure of their PHI. And so how does HIPAA correspond with requests for evidence of vaccine status?

HIPAA and Confirmation of Vaccine Status

Vaccination information is categorized as PHI and is protected by the HIPAA Protocols; nonetheless, HIPAA is only applicable to HIPAA-covered entities – healthcare companies, health plans, and healthcare clearinghouses – together with their business associates. In case an employer asks staff to present confirmation that they were vaccinated so as to let that individual work with no facemask, that isn’t a HIPAA violation since HIPAA isn’t applicable to companies.

It would additionally not be a HIPAA violation for an employer to check with an employee’s healthcare provider for the confirmation of vaccination. Nonetheless, the employee’s healthcare company would be in violation of HIPAA if it discloses that information to their employer, except when the person had furnished consent to do so.

As a company can necessitate all staff to put on a uniform in the job, an employer could have a policy that calls for employees to use a facemask throughout a pandemic to secure other employees and to deny entry to the office if a mask is not worn.

Questioning about vaccine status wouldn’t violate HIPAA nonetheless it is likely that other laws might be violated. For example, necessitating employees to reveal more health data including the reason why they aren’t vaccinated may likely violate federal regulations on certain occasions, even though this wouldn’t be a HIPAA violation. It’s additionally likely for states to bring in legislation that restricts employers from asking workers regarding their vaccine status.

On May 18, 2021, reporters questioned Rep. Marjorie Taylor Greene, (R-Ga) if she was vaccinated because she had declined to wear a mask on the House floor. In violation of House rules, a few GOP members had rejected wearing a mask, though they weren’t vaccinated. Greene explained to reporters that questioning her concerning her vaccine status breaks the HIPAA, nevertheless, this wasn’t right as reporters aren’t under HIPAA.

Disclosure of a Person’s Vaccine Status by a Healthcare Company

Healthcare companies can question whether a patient got a vaccination since asking does not violate HIPAA. It will be allowed for the healthcare company to reveal vaccine status data with a different covered entity or business associate, given that the disclosure was authorized under the HIPAA Privacy Law – for treatment, invoicing, or healthcare procedure – or when permitted by a patient.

Authorizations will not be demanded when disclosing vaccine status details for “public health activities.” As an example, disclosure is acceptable to “a public health authority that is certified by law to get or obtain such data for the goal of avoiding or taking care of illness, injury, or impairment, including though not confined to, the reporting of disease, pain, vital incidents,” and likewise for “the conduct of public health monitoring, public health inspections, and public health interventions; or, at the command of a public health authority, to an official of an overseas government agency that’s acting in a joint venture with a public health authority.

Link copied to clipboard
Photo of author

Posted by

Mark Wilson

Mark Wilson is a news reporter specializing in information technology cyber security. Mark has contributed to leading publications and spoken at international forums with a focus on cybersecurity threats and the importance of data privacy. Mark is a computer science graduate.