Greetings from Newfields, New Hampshire!
I've reached a breaking point regarding people implying the Health Insurance Portability and Accountability Act Privacy Rule has anything to do with basic non-medical questions. Examples of this have popped up most recently regarding public figures' COVID-19 vaccination statuses. It's not that I've had my head in the sand to this ongoing misunderstanding, and I'm not trying to sway folks one way or the other on the discussion of vaccines. I'm simply saying I hit my last nerve on this HIPAA debacle a week ago while scrolling through Twitter.
First, I saw U.S. Rep. Marjorie Taylor Greene, R-Ga., try to explain to a reporter that she was not obligated to publicly share her vaccination status because it was "a violation of my HIPAA rights." She added, "With HIPAA rights, we don't have to reveal our medical records, and that also involves our vaccine records." This take is factually incorrect.
Later in the week, Dak Prescott, quarterback for the National Football League's Dallas Cowboys, stepped up to the mic for a preseason media appearance where he, too, had his vaccination status questioned. Prescott responded, "I don’t necessarily think that’s exactly important. I think that’s HIPAA." Again, that's not correct.
WilmerHale Partner Kirk Nahra, CIPP/US, wrote a fantastic public service announcement about what the HIPAA Privacy Rule covers in a recent piece for Privacy Perspectives. Among the things not listed by Nahra as covered by HIPAA is the ability to answer a random question about one's vaccination status when a HIPAA-covered entity is not involved. So questions from the media or random everyday folk on the street regarding someone's status are completely fair and permissible. The invocation of HIPAA in the cases of Greene and Prescott are cop-outs, which they are more than allowed to throw out, but it's counterproductive to helping onlookers understand HIPAA.
These two public figures and others who have skirted questions on COVID-19 vaccination or testing status by using HIPAA have millions of people watching and hanging on their every word. Yes, it's up to those followers to educate themselves, but the trust and belief in word-of-mouth information is higher than ever. This is to say the misinterpretation of what HIPAA does is spreading like wildfire to the point that it will be tough to repair. The misunderstanding also comes as the HIPAA Privacy Rule is still being examined for potential modifications as it relates to coverage and protections.
So, before we continue to distort HIPAA coverage beyond its means and deface an otherwise useful law, I urge privacy pros reading this to help bring awareness to what the law and the privacy rule actually do to protect people. If not for my sanity, do it for fellow pros who are HIPAA-focused and simply worn down by the false claims.
I think Nahra hit the nail on the head while rounding out his PSA. He wrote, "So next time you are tempted to post something on Twitter, or argue with a store clerk, or otherwise loudly proclaim that 'HIPAA prohibits this,' think again. It might — but probably doesn’t." It's that simple, friends.
If you want to comment on this post, you need to login.