What to Know About HIPAA in Regards to Disclosing Vaccination Status

To disclose vaccination status, or not to disclose vaccination status? That is the question that many Americans are asking at this stage in the Covid-19 Pandemic, as vaccines are widely available and the Delta Variant continues to surge. Many businesses and public venues are open for business once again, but what should you say when they stop you at the door and ask about your status? Can employers fire you for failing to produce vaccine proof? When asked, are you required to answer, or is it a HIPAA violation? What information are employers and businesses actually entitled to ask about? Many people have begun to insist that asking about one's status is a HIPAA violation, citing a HIPAA privacy rule they read about online. The truth is, those individuals have likely heard the term but aren't familiar enough with the HIPAA rules to know for sure. HIPAA is not a catch-all term for 'the right to privacy,' and the reality is more complicated than you might think. If you're looking for the correct answer to vaccination status questions, learning more about what constitutes a HIPAA violation can help. This article will answer any questions you might have about HIPAA laws and the Covid-19 vaccine. Read on to learn what your rights are when it comes to disclosing vaccination status.

What Is HIPAA Actually For?

The first step toward understanding what constitutes a HIPAA violation is understanding why these laws exist. Whether you're the individual queried about your vaccination status or the waiter checking vaccine cards at the door, knowledge is power. HIPAA stands for the Health Insurance Portability and Accountability Act. Lawmakers created these policies in 1996 when digital medical data was a new phenomenon. At the time, there were concerns about the security of digital health data. HIPAA laws first came to exist to help individuals maintain medical continuity. If you lose your job and must switch insurance providers, you may need to electronically transfer your medical records. HIPAA came about to protect that data. Phone calls from medical professionals also fall under HIPAA law. HIPAA specifically covers the release of your medical data. It only covers medical data known as PHI or Protected Health Information. The laws tell us that you must provide consent before providers can transfer or share your PHI in specific instances.

What Is PHI, or Protected Health Information?

There are a few guidelines that classify your personal records as PHI. Foremost, HIPAA law only covers health information considered to be "individually identifiable." That refers to information including your name, date of birth, address, and other specific information. PHI also refers to information about a past diagnosis. This includes both physical and mental diagnoses and any healthcare you may have received for either. It also covers details about payments you may have made to cover those treatments. Because HIPAA refers to the release of information, it applies to individuals with access to your PHI. This includes your healthcare providers and anyone who deals with medical billing or insurance. These individuals must keep PHI confidential and defend it against any security threats. There are some instances when providers can share your PHI without explicit permission. This is in cases in which lifesaving medical intervention may be necessary. It also happens when submitting bills to insurance or when required by law. In essence, it would be a HIPAA violation if your doctor provided PHI to your friend, family member, or neighbor. It has nothing to do with the individual asking for the information. If asking is a HIPAA violation, the individual trained on HIPAA law would deny the request for information. Outside of the medical setting, HIPAA law does not apply.

Is Vaccination Status PHI?

Vaccination status is not individually identifiable and does not reflect a diagnosis. As vaccination is free in the United States, there is no information about payment status to disclose. Therefore, vaccination status is not considered Protected Health Information. Anyone may ask you about your health history or vaccination status at any time. This includes your employer and any businesses or venues that you may frequent. HIPAA law does not have anything to do with whether or not you personally answer any medical questions posed to you by any individual. That means that business owners are within their rights to ask about your vaccination status at the door. It is entirely your decision whether or not to answer. If you choose not to disclose, those individuals might assume you are not vaccinated and deny you service. Nothing to do with asking or answering questions about your vaccination status is in any way related to HIPAA privacy rules. Individuals, whether politicians, celebrities, or private citizens, who claim they "consider" disclosure a violation of HIPAA law are incorrect.

Does HIPAA Protect Mask Exemptions?

As early as 2020, fake mask exemption cards became available online. These cards claim that the cardholder has a medical condition that would make masking difficult or impossible. Many of these cards perpetuated untrue information about HIPAA law. The false cards claim that, due to HIPAA, the cardholder is not required to answer any questions about the medical condition that prevents mask-wearing. As discussed, HIPAA is not relevant in this instance. Anyone can ask about the condition, and the cardholder can choose whether to respond. If someone presents you with a card that makes such a claim and cites HIPAA, the card is fake. Even if the cardholder has a medical condition, a doctor will not provide such a card. Asking you to wear a mask is also not a HIPAA violation.

Can Employers Fire You for Failing to Disclose Vaccination Status?

In the United States, employers can impose a general vaccine mandate on their employees. If such a policy exists, employers are within their rights to terminate any employee based on failure to get the vaccine. It is a health and safety work rule and is completely legal. Whether or not you have received the vaccine, choosing not to disclose your status can put your employment situation at risk. If you fail to disclose, your employer can choose to assume that you are not vaccinated. They can legally terminate your employment based on the lack of confirmed status. Ultimately, it is up to individual employers to decide whether or not to require the Covid-19 vaccine as a condition of employment. Some employers may not require vaccination.

Can Business Owners Ask You to Leave a Business for Failing to Disclose Vaccination Status?

Restaurants and many other public-facing businesses experienced Covid-related closures, which hit them hard. As a result, many have implemented 'No Vax, No Service' rules upon reopening. They require you to present proof of vaccination or a recent negative Covid-19 test before you can enter. These requirements also do not fall under HIPAA laws. In most states, businesses can legally ask about your status at any time. You are still within your rights to decline to disclose, but the business can still deny service based on your response. This is not the case in all states, however. In the state of Florida, for example, the law prohibits businesses from asking about vaccination status. In New York City, the law requires you to show proof of at least one dose of the vaccine before you can enter a restaurant. Refer to your specific state or local laws to better understand your rights in these scenarios. Regardless, HIPAA is a federal law. It is not related to any situation in which anyone requests your proof of vaccination.

Understanding the Connection Between HIPAA and Vaccination

Ultimately, questions about your vaccination status are not HIPAA violations in any situation. The federal HIPAA law exists to protect your data in the medical setting. Outside of the medical setting, anyone can ask you about your vaccination status, and you can choose whether to answer. What you reveal to others remains your choice. However, it's also important to recognize that your willingness to disclose vaccination status can affect your employment status. Businesses and restaurants can ask you to leave if you choose not to respond to questions about vaccination status. All medical professionals know these laws well. The law requires that professionals receive training in what does and does not constitute a violation of HIPAA law. If you want to learn more about HIPAA law, HIPAA Exams offers many courses for medical professionals and business associates. They are an accredited IACET provider. Visit the website for more information about how HIPAA Exams can ensure that you're in compliance.