HIPAA and non-medical businesses

May 28, 2021

The Health Insurance Portability and Accountability Act (HIPAA) is frequently misunderstood, especially when it comes to vaccine status. Let’s set the record straight and clarify what HIPAA does and doesn’t cover.

What HIPAA Actually Does

HIPAA, enacted in 1996, serves several purposes:

  • Protects health insurance coverage: It allows employees to continue coverage after leaving a job.
  • Establishes rules for health plans: It sets standards for group health plans and life insurance.
  • Safeguards medical information: This is the part most people focus on, but it’s more nuanced than you might think.

HIPAA’s Limited Scope

HIPAA only applies to specific “covered entities” directly involved in healthcare, such as:

  • Doctors and healthcare providers
  • Hospitals and clinics
  • Health insurance companies
  • Other entities that handle medical information

Crucially, this means HIPAA does not apply to most businesses, like restaurants, grocery stores, or even law offices.

How HIPAA Protects Information

HIPAA ensures medical information flows securely between healthcare providers, insurers, and other relevant parties. This might involve anonymizing data or implementing safeguards to protect patient privacy. These protections are enforced by the Department of Health and Human Services. Notably, HIPAA does not include a private right of action. A private right of action means that people can sue, not just the governmental agency given enforcement rights. Without it, there is no right to sue.

What HIPAA Doesn’t Do

  • Prevent you from sharing your health information: You’re free to tell anyone about your health, including your vaccine status.
  • Stop businesses from asking about your health: HIPAA doesn’t regulate what questions businesses can ask.

The Vaccine Status Question: No Different Than Other Health Inquiries

Think about it: we share health information all the time. Your smartwatch tracks your heart rate, you might disclose dietary restrictions to a waiter, and social media platforms likely already have a good idea about your health habits.

Asking about your vaccine status is no different than asking about these other aspects of your health. If you’re uncomfortable answering, you can decline – but be prepared for potential consequences, like being denied service or asked to take additional precautions.

The Bottom Line

While HIPAA protects your medical information in specific situations, it doesn’t prevent businesses from inquiring about your vaccine status. Remember, you have the right to choose whether or not to disclose your personal information, but be prepared to accept the consequences of that choice.

Disclaimer: The information contained herein is general and should not be construed as legal, medical, or financial advice.