0
Vaccines and HIPAA: Why employers can ask for proof of vaccination

JOPLIN, Mo. – “There has been a lot of confusion about HIPAA,” says Carrie Foote, Director of Compliance, Quality and Risk Management at Access Family Care. “When the mask mandate was in place in the City of Joplin, a lot of people thought that when they walked into a retail shopping area that no one could ask them why they weren’t wearing a mask. They’d say that no one could ask them because it was a HIPAA violation. Well, that’s not actually a HIPAA violation.”

According to the U.S. Department of Health and Human Services, the Health Insurance Portability and Accountability Act, more commonly known as HIPAA, was enacted on August 21, 1996. The act required the Secretary of HHS to issue privacy regulations governing health information and records, if Congress did not enact privacy legislation within three years of the passage of HIPAA.

The Privacy Rule published by HHS applies to health plans (insurance providers), healthcare clearinghouses and healthcare providers, and prevents those entities from releasing a patients’ protected heath information without the consent of the patient.

HIPAA has been a source of confusion once again recently, as many businesses and employers loosen their mask requirements, saying that if a customer or employee is fully vaccinated they don’t have to wear a mask. But many have claimed that business’ can’t ask if they’ve been vaccinated because it would be a violation of HIPAA. But Foote says that’s not the case.

“In reality, anyone can ask someone else, ‘Why won’t you wear a mask?’ Or, ‘Have you been vaccinated?’ That doesn’t mean that a person has to tell anyone, cause we still have a right to not tell our personal information. But it is not a HIPAA violation,” explains Foote.

And she explains that it works in much the same way between employees and their employers.

“An employer could say, ‘If you want to not wear a mask, I need to see proof that you’ve been vaccinated.’ And then that would be up to the individual if they provided that proof or not. I’m sure some employers are not asking for proof, and some are. But that’s just going to be dependent on the employee and the employer,” says Foote. “A HIPAA violation would be if a store contacted a health care facility, and that health care facility released that patients medical information. That would be a HIPAA violation.”

Foote also explains that employers can also legally require that their employees get vaccinated. But that’s not quite as cut and dry.

“I have not seen any personally that are requiring this vaccine because there are certain religious or certain medical exemptions that a person would have to not receive any vaccine. So, most employers are not mandating that,” says Foote.

If you do believe that your private medical information was disclosed by a health care provider, insurance company or healthcare clearinghouse without your permission, you can file a complaint here: https://www.hhs.gov/hipaa/filing-a-complaint/index.html

Leave a Reply

Your email address will not be published. Required fields are marked *