Reprinted from the NYTimes – by Aishvarya Kavi July 24th
How the HIPAA Law Works and Why People Get It Wrong
The measure prohibits health professionals from revealing your medical records, but it is perfectly legal to ask whether someone has been vaccinated.As September beckons people back to the office and the highly infectious Delta variant of the coronavirus spreads rapidly across the country, workplaces are navigating a range of challenges, including whether to require employees to be vaccinated or to reimpose mask mandates.
Some, including Representative Marjorie Taylor Greene, Republican of Georgia, are resisting those calls, as she falsely claimed this week that disclosing vaccination status “was a violation of my HIPAA rights,” the federal regulation that protects confidential health information.The Health Insurance Portability and Accountability Act, known as HIPAA, governs the privacy of a patient’s health records, but it is legal to ask Ms. Greene about her medical history. Still, her assertion reflects a misperception that has spread across social media and fringe sites as online misinformation and misstatements about vaccines help fuel a resistance to being inoculated.Here’s a look at what privacy protections HIPAA offers and why it is so frequently misinterpreted.
What is HIPAA?
In 1996, President Bill Clinton signed into law HIPAA, a broad piece of health and privacy legislation that helped update and regulate how health insurance was sold and how personal medical information was stored as electronic processing took hold.
One aspect of the law, the privacy rule, makes it illegal for certain people and organizations, including health care providers, insurers, clearinghouses that store and manage health data and their business associates, to share a patient’s medical records without the patient’s explicit consent. Those parties handle patient health records on a daily basis.
Does the law make it illegal to ask a person’s vaccination status?
No. The law applies only to companies and professionals in the health care field, although some people may incorrectly imply otherwise, as Ms. Greene did in suggesting that the measure offered Fifth Amendment-like protection against revealing personal health information. HIPAA is extremely “narrow,” said I. Glenn Cohen, an expert on bioethics and health law with the Harvard School of Law. “Whenever anyone says to you ‘HIPAA prohibits that,’ ask them to point to the portion of the statute or regulation that prohibits it. They often won’t be able to do so.”
Moreover, nothing in the law prohibits asking about someone’s health, be it vaccination status or proof that such information is accurate.Regardless, some have turned to the law as a pretext to deflect those questions, even though HIPAA is not applicable to employers, retail stores or journalists, among other parties.In July, the lieutenant governor of North Carolina, Mark Robinson, falsely claimed on Facebook that President Biden’s door-to-door campaign to encourage vaccination and asking whether residents have been inoculated were “illegal” under HIPAA.
It is at your discretion to disclose whether you have been vaccinated. No federal law prevents companies from requiring their employees to be vaccinated, though there are certain exceptions if you have a disability or a sincerely held religious belief.