Government agencies generally issue updates and guidance that expands the scope of their authority and takes an extraordinarily broad view of their powers (cough upcoming OSHA vaccine mandate cough). In a rather unusual move, HHS has issued guidance explaining what HIPAA does not cover. See HIPAA, COVID-19 Vaccination, and the Workplace.
Let me start by assuring you that HIPAA is, in fact, spelled with two As and one P. The full guidance has more in-depth answers, but the high level overview:
1. Does the HIPAA Privacy Rule prohibit businesses or individuals from asking whether their customers or clients have received a COVID-19 vaccine?No.2. Does the HIPAA Privacy Rule prevent customers or clients of a business from disclosing whether they have received a COVID-19 vaccine?
Not official use. No.3. Does the HIPAA Privacy Rule prohibit an employer from requiring a workforce member to disclose whether they have received a COVID-19 vaccine to the employer, clients, or other parties?No.4. Does the HIPAA Privacy Rule prohibit a covered entity or business associate from requiring its workforce members to disclose to their employers or other parties whether the workforce members have received a COVID-19 vaccine?No.
So, what does it do?
5. Does the HIPAA Privacy Rule prohibit a doctor’s office from disclosing an individual’s protected health information (PHI), including whether they have received a COVID-19 vaccine, to the individual’s employer or other parties?
Generally, yes. The Privacy Rule prohibits covered entities25 and their business associates26 from using or disclosing an individual’s PHI27 (e.g., information about whether the individual has received a vaccine, such as a COVID-19 vaccine; the individual’s medical history or demographic information) except with the individual’s authorization or as otherwise expressly permitted or required by the Privacy Rule.
I have seen a ton of misinformation flying around about HIPAA protections. So, while it is unusual to issue this kind of guidance, I also need absolutely no explanation for why they published it.
No comments:
Post a Comment