Are You Vaccinated? Is This Question Against HIPAA
Are you vaccinated?
This question has become a touchy subject lately. However, can people actually ask you this question without violating any laws?
A lot of people on social media are saying that it is against HIPAA to ask if someone is vaccinated or not but this law does not protect us against this specific question.
According to the CDC, HIPAA, the Health Insurance Portability and Accountability Act of 1996 is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient's consent or knowledge. The keyword in this sentence is the word without. So when you are asked the question ‘are you vaccinated?’ you have complete control over the answer that you give. This means that HIPAA can not help you out in this situation. HIPAA only applies to doctors and insurance companies, not to private citizens.
Now keep in mind that when you are faced with this question you do have the right to not answer if you choose to do so, but the company or person asking the question also has the right to refuse service to you.
According to the CDC, these are the entities that have to abide by HIPAA:
The following types of individuals and organizations are subject to the Privacy Rule and considered covered entities:
- Healthcare providers: Every healthcare provider that electronically transmits health information in connection with certain transactions, regardless of the size of the practice. These transactions include claims, benefit eligibility inquiries, referral authorization requests, and other transactions for which HHS has established standards under the HIPAA Transactions Rule.
- Health plans: Entities that provide or pay the cost of medical care. Health plans include health, dental, vision, and prescription drug insurers; health maintenance organizations (HMOs); Medicare, Medicaid, Medicare+Choice, and Medicare supplement insurers; and long-term care insurers (excluding nursing home fixed-indemnity policies). Health plans also include employer-sponsored group health plans, government- and church-sponsored health plans, and multi-employer health plans.
- Exception: A group health plan with fewer than 50 participants that is administered solely by the employer that established and maintains the plan is not a covered entity.
- Healthcare clearinghouses: Entities that process nonstandard information they receive from another entity into a standard (i.e., standard format or data content), or vice versa. In most instances, healthcare clearinghouses will receive individually identifiable health information only when they are providing these processing services to a health plan or healthcare provider as a business associate.
- Business associates: A person or organization (other than a member of a covered entity’s workforce) using or disclosing individually identifiable health information to perform or provide functions, activities, or services for a covered entity. These functions, activities, or services include claims processing, data analysis, utilization review, and billing.