Some thoughts on the covid vaccination and HIPAA

Some thoughts on the covid vaccination and HIPAA 

Recently I was talking with a friend who is involved with a social group that has been on hiatus during the pandemic and now considering a return to in-person meetings. Someone in the group had stated that it is HIPPA violation to ask someone if they have been vaccinated.

Um, no.

HIPAA (Health Insurance Portability and Accountability Act of 1996) has provisions that protect the privacy of health information. It only applies to medical providers and others who have access to medical information as part of their jobs. It does not apply to anyone else. Your own information is your own, to share as you choose.

I have a private practice in mental health counseling. I am not allowed to share any information about any of my patients without their permission. If, for instance, an attorney requests info from me for a patient’s workers comp claim, I have to have signed permission from that patient to provide it. I can, however, write a summary of our sessions and give it directly to the patient, who can then share it as they see fit, because it is their information.

I can talk with others about my work in very general ways, but I have to be mindful not to share any details that might reveal the identity of a patient, even if I don’t use their name. This does not apply, however, to my relationships outside of my office. If I think that my father is not taking his medication correctly, HIPPA does not stop me from calling his doctor and leaving a message to that effect. But if the doctor calls me back and shares information about my father with me without permission, that is a HIPAA violation.

HIPPA applies to anyone who works in medical care, including doctors, nurses, and therapists, but also those working in housekeeping, food service, security and billing. If I work as a biller at a hospital and I see an insurance claim for my mother’s next-door-neighbor and I tell my mother about it, that’s a HIPAA violation. If, however, I see my mother’s next-door-neighbor at the store and they tell me about their medical condition, telling my mother is not a HIPAA violation, it’s just gossip.

Asking another person about their medical conditions or care may be nosy and rude, but it is not a HIPAA violation. This is going to come up more and more as we move towards a post-vaccine world. In most places, currently, vaccines are only available to those who meet certain criteria, and there have already been situations where someone gets testy because they think another has “jumped the queue.” If you have already gotten the vaccine because, for instance, you have diabetes, that is your information to share or not, but it may feel uncomfortable to have someone ask and insist on an answer. Still, rudeness is not a violation of HIPAA.

Increasingly we are going to see places of business requiring proof of vaccination. It will be interesting to see how this plays out. It is not a violation of confidentiality, it is a requirement for access. It is similar to security at airports (which are likely to be among the places that require proof). If you don’t want to take off your shoes to go through security, that’s fine, but you don’t get to fly on a commercial airliner. If you don’t want to show proof of vaccination, that’s fine, but you don’t get to fly on a commercial airliner. 

I’ve been doing therapy virtually for over a year. Now that I have received both doses of the vaccine, I will start seeing patients in person again, but only if they  have been vaccinated, too. Otherwise, they can continue virtually. My friend’s social group can decide to meet in person again but only with those who can show proof that they have been vaccinated, and that is not a HIPAA violation, even if some don’t agree with the decision.

April 4, 2021