Printer Friendly, PDF & Email

OCR: HIPAA Doesn’t Preclude Vaccine Question, It Protects the Answer

There’s nothing stopping hospitals and other providers from asking patients whether they’ve been vaccinated for COVID-19 under HIPAA. Patients don’t have to answer, but if they do, the privacy rule kicks in, according to new guidance from the HHS Office for Civil Rights (OCR).[1] By the same token, HIPAA doesn’t apply to employment records or have anything to say about employer vaccination mandates and related documentation requirements.

“The Privacy Rule does not regulate the ability of covered entities and business associates to request information from patients or visitors. Rather, the Privacy Rule regulates how and when covered entities and business associates are permitted to use and disclose protected health information (PHI) (e.g., PHI about whether an individual has received a COVID-19 vaccine) that covered entities and business associates create, receive, maintain, or transmit,” the guidance explains.

And despite what’s on social media, HIPAA doesn’t apply when people are asked their vaccination status by other people, employers, restaurants, and anyone else that’s not regulated by HIPAA, OCR explained. People can reveal whether they got the shot or any health information and it has nothing to do with HIPAA.

This document is only available to subscribers. Please log in or purchase access.
 


This document is only available to subscribers. Please log in or register for complimentary access.

* required field