Do Vaccine Passports Violate HIPAA? Let's Discuss.

Learn more about The Health Insurance Portability and Accountability Act of 1996 (HIPAA)  and how it protects sensitive health information from being disclosed without the patient’s consent or knowledge. Plus, we go through a complete break down on Vaccine Passports in the US, the good and the bad, all while trying to answer the question that is on everybody's mind: Do vaccine passports violate HIPAA? Or do they not?  

Understanding Vaccine Passports & HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) is a federal law that required the creation of national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge. The US Department of Health and Human Services (HHS) issued the HIPAA Privacy Rule to implement the requirements of HIPAA. The HIPAA Security Rule protects a subset of information covered by the Privacy Rule.

The Privacy Rule standards address the use and disclosure of patients health information (protected health information) by covered entities subject to the Privacy Rule. Furthermore, it also contains standards for patients rights to understand and control how their health information is used. There are four kinds of covered entities:

  • Healthcare Providers
  • Health Plans
  • Health Clearinghouses
  • Business Associates

Covered entities are allowed to use and disclose protected health information, without the patient's authorisation, exclusively for one of the following reasons:

  • Disclosure to the individual.
  • Treatment, payment, and healthcare operations.
  • Opportunity to agree or object to the disclosure of PHI.
  • Incident to an otherwise permitted use and disclosure.
  • Public interest and benefit activities.

That being said, do vaccine passports violate HIPAA? Or do they not?

According to several reports recently published gathering expert opinions from sources dedicted to compliance within the healthcare sector, including one by The Washington Post, although HIPAA is used to protect sensitive medical information, it only applies to how physicians, hospitals and health insurers share a patient's information with third-party entities. Meaning, vaccine passports qualify as protected health information, but an airline, for example, is not a healthcare provider. Of course, an airline is obliged to follow state privacy and identity theft policies but it isn't affected by HIPAA. Therefore, it can be concluded that vaccine passports, although they can be considered as a violation of privacy, do not precisely violate HIPAA regulations.

A couple weeks ago, Anthony Fauci, MD, director of the National Institute of Allergy and Infectious Diseases, went on Politico's 'Dispatch' Podcast and said that the federal government will not mandate COVID-19 vaccine passports for businesses or events. Dr. Fauci said COVID-19 passports are being developed by private companies and businesses will decide whether they adopt them with little involvement from the federal government.

It is only logical that, just like public opinion, state policies are equally polarised. New York became the first state to launch a COVID-19 vaccine passport on March 26, and the state now uses IBM's passport for events and other large gatherings. A week later, on April 2, Florida Gov. Ron DeSantis signed an executive order prohibiting the use of COVID-19 vaccine passports in the state, banning any government entity from issuing vaccine passports and preventing businesses from requiring any such documentation of consumers.

Either in agreement or disagreement with this analysis, in favor or against the passports in question, it seems like they are here to stay, bringing with them positive aspects and raising valid concerns.

Some positive aspects of vaccine passports include:

  • They allow holders to return to normality or at least a new normality.
  • This return to normality, for those holding the passport in question, potentially encourages hesitant people to take the shot, increasing the number of inoculated people.

Some concerns regarding vaccine passports include:

  • Privacy: Allowing businesses to access people’s healthcare information can be considered a violation of privacy.
  • Fakes: Many counterfeit COVID-19 passports are being sold online by anonymous traders.
  • Discrimination: Communities or individuals who haven’t had the chance to get a shot, or are simply more skeptical about taking the vaccine at all, would be treated unequally.
  • False Safety: It can create a false sense of safety as the number of mutations rapidly increases and it is unclear if all vaccines will be effective against all future mutations of the virus. Furthermore, research still needs to be made as it is unknown whether vaccinated people can contract an asymptomatic case of COVID-19.

Learn more about Alyne's Content Library and the comprehensive mapping of The Health Insurance and Accountability Management Act (HIPAA), covering not only section 164.3xx (Security Standards), but also the rules outlined in section 164.4xx (Breach Notification) and section 164.5xx (Privacy Aspects).

Learn more about Alyne’s RegTech capabilities in the healthcare industry in this episode of our podcast: The RegTech Report.

ZurückWeiter
Javier Gutierrez

Related Posts

Avoid ESG-Related Issues with the Help of Alyne

In this new article, we discuss the heightened regulatory focus on ESG related issues as of recent events involving Deutsche Bank’s asset-management arm, DWS Group, currently under investigation over claims of inflated credentials of many ESG-labeled investment products. Furthermore, learn how Alyne can provide your organisation with cutting-edge ESG Governance, Risk and Compliance (GRC) capabilities that you can apply from the very beginning of your ESG program, right through to a fully quantified ESG Value at Risk.
Weiterlesen

The Business Value of Process Automation with Alyne Library

The Alyne Library provides business leaders with tangible business value by automating processes that generate deep insights into the often complex compliance process. In this article, Co-Founder and CFO of Alyne, Matthias Danner, summarises the 3 key benefits that the Alyne Library delivers, from policy to value.
Weiterlesen

Internal Controls and the Shifting Wave of Focus

Looking at the focus areas of internal controls since 2000, it is clear to see how the tide has shifted back and forth in the priorities of corporations. In this article, Alyne's Regional Head of Sales, Claudia Howe discusses the impact of poor internal controls systems and events that have shifted the attention between operational internal control systems and Internal Control over Financial Reporting (ICFR). How do organisations maintain the balance of well performing ICS throughout all business practices? Additionally, the article looks at the new financial reporting law in Germany: Finanzmarktintegritätsstärkungsgesetz (FISG).
Weiterlesen