It Is Not a HIPAA Violation to Ask About Vaccination Status
The Claim
U.S. HIPAA laws protect everyone from having to disclose their vaccination.
News posted on
Emerging story
The Centers for Disease Control and Prevention recently announced that fully vaccinated people could go maskless in many settings. This news has led some who do not wish to be vaccinated to state that it is a violation of HIPAA to have to disclose their vaccination status.
Similar statements regarding HIPAA and vaccination disclosures have previously been made regarding vaccine passports, and they appear to also be making a resurgence with this new CDC guidance.
Additionally, on May 18th when a one journalist asked Representative Marjorie Taylor Greene if she had been vaccinated, she allegedly shouted at him that he was violating HIPAA laws.
Misbar’s Analysis
Misbar’s investigation has determined that it is not a HIPAA violation to ask someone’s vaccination status or to implement vaccine passports. For example, a business can ask a customer about their vaccination status, and the customer has a right to refuse to answer. They may also be legally asked to leave the premises.
One of America’s top medical schools, University of Michigan, Ann Arbor, has stated that HIPAA, which stands for Health Insurance Portability and Accountability Act, is one of the U.S.’s most misunderstood medical laws. The source clarifies that HIPAA laws only apply to certain organizations and individuals, namely clinicians, hospitals, and other health care entities. They also state that HIPAA does not universally protect people from having to disclose their health information.
Healthcare lawyer Abbye Alexander explains that employers can ask employees if they are vaccinated but that HIPAA would apply if the employer asked the employee’s healthcare provider for vaccination confirmation. In that instance, the employee would need to provide their employer with written authorization to access this information. She also stated that employers would be restricted from asking employees to disclose vaccine information in regards to a disability, due to the Americans with Disabilities Act. This situation is easily avoidable by employers asking employees for their vaccination status while making it clear that they are not requesting further medical information.
The same logic applies to so-called vaccine passports. As Becker’s Health IT states, HIPAA does not prevent companies such as airlines from requesting documentation of vaccine status. However, as formal documentation is protected health information, they have to follow privacy and identity theft laws, meaning that they have a duty to protect any vaccine data that they have received from their customers.
Lastly, HIPAA privacy information is readily available on the U.S. Department of Health & Human Services website. This site clearly states that the privacy rule within HIPAA applies to health plans, health care providers, health care clearinghouses and the business associates/business associate contractors of these entities.
