Does HIPAA prohibit questions about vaccination?

Part of computer keyboard with bright green key marked HIPAA

Do you ever surprise what’s behind that HIPAA kind you get at your physician’s workplace at each go to? Do you learn it every time?

My guess is that after greater than twenty years, few folks really trouble to learn the shape, and fewer nonetheless can declare to grasp it. But, since 1996, privateness guidelines described within the Well being Insurance coverage Portability and Accountability Act (HIPAA) stop disclosure of sure well being data to unauthorized folks with out your permission. And it requires that the physician’s workplace present a discover to you about how your data is used and guarded.

Does HIPAA shield vaccination standing?

For a rule that’s been round so lengthy, it’s outstanding that HIPAA has been so misunderstood and so ceaselessly featured within the information currently. For instance:

  • Requested if she’d been vaccinated towards COVID-19, a member of Congress from Georgia replied, “Your… query is a violation of my HIPAA rights. You see, with HIPAA rights we do not have to disclose our medical information and that additionally contains our vaccine information.” Sorry, improper.
  • An NFL quarterback requested the identical query responded in comparable type: “I don’t essentially suppose that’s precisely essential; I feel that’s HIPAA.” Once more, improper.
  • When President Biden proposed having public well being employees canvass neighborhoods door-to-door to encourage unvaccinated individuals to get a COVID vaccine, the lieutenant governor of North Carolina declared this plan was unlawful as a consequence of HIPAA guidelines. Nope, it isn’t unlawful and HIPAA doesn’t cowl this.

And it’s not simply athletes and lawmakers getting it improper with HIPAA and vaccination standing. All through the pandemic, pretend masks exemption playing cards have been obtainable on-line. These playing cards are meant to permit the proprietor to forego sporting a masks for medical causes. Some pretend playing cards state that due to HIPAA, the cardboard’s proprietor is just not required to reply any questions on their medical situation.

Sadly, as with the examples above, this misunderstands what HIPAA covers and what it requires.

What you want to find out about HIPAA

First, the primary aim of HIPAA helps folks preserve their healthcare insurance coverage protection if they modify or lose their jobs. The Act inspired using digital information to switch affected person data. Keep in mind, shifting knowledge round electronically wasn’t widespread in 1996. Guidelines have been quickly added to reply to issues about holding our well being data personal.

Nonetheless, the HIPAA privateness guidelines are relatively restricted: they prohibit the launch of protected well being data (often known as PHI) by others with out your consent. They don’t have anything to do whether or not you possibly can or ought to reply questions on your vaccination standing, or some other well being difficulty. That’s merely not what HIPAA does.

And to be clear, HIPAA defines protected well being data as

  • well being data that’s “individually identifiable” — that’s, medical data that features data that identifies you, similar to your title, deal with, or date of delivery
  • details about a bodily or psychological situation you’ve gotten or had previously
  • an outline of healthcare you’ve gotten acquired
  • particulars about funds made for healthcare you’ve acquired.

Right here’s what the privateness rule requires. Anybody who has entry to your protected well being data, similar to healthcare suppliers, well being insurers, or medical billing firms, should

  • be certain it’s saved confidential
  • defend well being data towards safety threats
  • be sure that staff are educated in and diligent concerning the confidentiality of PHI.

There are exceptions to holding PHI secret. For instance, PHI could be disclosed with out your permission to permit medical remedy, to submit payments to your medical insurance firm, or when required by legislation. It’s not a violation of HIPAA in case your physician offers your PHI to a different physician who can also be a part of your remedy group. However it’s a violation in case your physician offers your PHI to a member of the family or pal, or any member of the general public who requests it, when you haven’t signed paperwork permitting this. (By the way in which, when you do wish to be sure that somebody can discuss to your medical doctors about your healthcare data, you’ll must signal waivers supplied by the medical apply, or make that individual your well being care proxy.)

In the event you’d wish to be taught extra about particular rights below HIPAA, see this Well being Info Privateness web site.

What about HIPAA and vaccination standing?

As famous, HIPAA doesn’t stop anybody from asking you about your vaccination standing. And there’s nothing in it that prohibits companies, similar to eating places, gyms, or film theaters, or your employer from asking you for proof of vaccination. Lastly, HIPAA privateness guidelines don’t stop you from answering questions on whether or not you’ve been vaccinated.

It’s your choice to inform others whether or not or not you’ve been vaccinated (and no matter whether or not you expose this data, I hope the reply is sure). After all, when you resolve to not disclose that data to your employer, you’ll probably be thought of unvaccinated, and that might result in adjustments in how or the place you’re employed, and even to lack of your job. However once more, that’s unrelated to HIPAA.

The underside line

If a pal, a relative, or an ideal stranger asks you about your vaccination historical past, or some other query about your well being, you might contemplate it impolite, nosy, or inappropriate. Nevertheless it’s not unlawful. And when you select to not reply, don’t blame HIPAA.

Comply with me on Twitter @RobShmerling

Commenting has been closed for this submit.

Leave a Reply