Uncovering the Myths Surrounding HIPAA, Masks, and Vaccines

We have stressed the importance of HIPAA repeatedly, but the complex nature of the law itself leaves a lot of room for confusion. There are already too many myths with regards to HIPAA and patient data security, and we have covered most of the common areas. 

That being said, the unprecedented change the COVID-19 pandemic has brought upon the world has come with more uncertainty where HIPAA is concerned. For example, masks and vaccination. 

So today, we are going to uncover the mystery related to masks, vaccines, including some popular HIPAA myths.

HIPAA Ready

HIPAA Compliance Management Application

Reduce Administrative Burden

See all the information in a centralized space

Keep your team updated with regular information

Contact Us

The confusion regarding masks surfaced when the CDC provided new guidance stating that fully vaccinated people can take off their masks. This stirred up confusion because people were concerned about how much private information can they reveal about their health status. Many claimed that even asking if they are vaccinated or not is a HIPAA violation. 

Is it a HIPAA violation? Let’s see what the experts like Betsy Mewborn, the Director of Privacy and Centra, and Lauren Terry, the Associate Director of Health Information at Johnson Health Center, say about this.

• Myth 1: Everyone, including non-medical businesses, is required to abide by HIPAA

That is completely false. And Mewborn confirms that there is a misconception that people can’t personally share somebody’s health information, or that it is a HIPAA violation for someone to ask about their health information. A large number of people do not understand that HIPAA applies to covered entities and business associates only. 

Terry reaffirms by saying that businesses like restaurants or retail stores are not considered covered entities. Therefore, they can ask anything they want and HIPAA will not apply to these entities. 

Mewborn also adds that if you go to a store and claim that you have a health care condition hence, you not wearing a mask, the store can ask you about your healthcare condition without violating any HIPAA laws. 

• Myth 2: Providers can’t share patients’ medical information without their consent

A medical provider or a doctor can talk to any insurance company as regards bills rendered for services received. Doctors are also allowed to talk to family members visiting a patient after their surgery. 

• Myth 3: Employers can’t ask you about your vaccine status

Whatever information your employers have access to as the provider of your health insurance are all protected health information. You sharing any kind of information about yourself is not a HIPAA violation.

Also, for you to ask your coworkers about whether they got vaccinated or not is not a HIPAA violation. Similarly, you are not obligated to answer any questions regarding your vaccination, whether an employer asks you or not. Either way, for you to share your information is not violating any HIPAA rules. 

Need help with compliance? You’re in the right place

If you are struggling with HIPAA compliance, waste no more time and start using our HIPAA compliance software, HIPAA Ready. The robust compliance management app will help you manage all the activities in line with the law, starting from HIPAA training, to policy and procedure management to business associate management, risk management, and more. 

Sign up to try HIPAA Ready for free (no credit card required).