![]() Sign a HIPAA authorization for a covered health care provider to disclose the workforce member’s COVID-19 or varicella vaccination record to their employer.Provide documentation of their COVID-19 or flu vaccination to their current or prospective employer.The following examples from OCR make clear that HIPAA does not prohibit a covered entity or business associate from requiring or requesting each workforce member to: The HIPAA rules generally do not regulate what information can be requested from employees as part of the terms and conditions of employment. This means that COVID-19 vaccination information maintained in connection with those plans, such as claims information, would be PHI subject to the HIPAA rules.ĭo the HIPAA rules prohibit a covered entity or business associate from requiring its workforce members to disclose to their employers or other parties whether the workforce members have received a COVID-19 vaccine?Īnother popular question and, again, the OCR’s answer is no. And, group health plans sponsored by employers are, in most cases, HIPAA covered entities. ![]() Including employment records held by covered entities or business associates in their capacity as employers.įederal anti-discrimination laws do not prevent an employer from choosing to require that all employees physically entering the workplace be vaccinated against COVID-19 and provide documentation or other confirmation that they have met this requirement, subject to reasonable accommodation provisions and other equal employment opportunity considerations.īut, again, once collected, vaccination information must be kept confidential and stored separately from the employee’s personnel files under Title I of the Americans with Disabilities Act (ADA). OCR reminds readers that the HIPAA rules do not apply to employment records: Of course, organizations that receive such information, including employers, still may have a duty to safeguard that information and keep it confidential.ĭo the HIPAA rules prohibit an employer from requiring a workforce member to disclose whether they have received a COVID-19 vaccine to the employer, clients, or other parties? Thus, the HIPAA rules do not prohibit a covered entity from receiving COVID-19 vaccination information about an individual. The OCR also reminds organizations that even if HIPAA applies, it regulates the use and disclosure of protected health information (PHI), not the ability to request information. ![]() But, HIPAA does not apply to entities functioning in their role as employers or to employment records. In general, covered entities include health plans, health care clearinghouses, and health care providers that conduct standard electronic transactions. It is important to remember that the HIPAA rules apply only to covered entities and business associates. The HIPAA Privacy Rule does not prohibit any person (e.g., an individual or an entity such as a business), including HIPAA covered entities and business associates, from asking whether an individual has received a particular vaccine, including COVID-19 vaccines. We have summarized some of the key points below.ĭo the HIPAA rules prohibit businesses or individuals from asking whether their customers or clients have received a COVID-19 vaccine? Today, in an effort to clarify some of these issues as they relate to COVID-19 vaccination data, the Office for Civil Rights (OCR), the agency responsible for enforcing the HIPAA privacy and security rules (the “HIPAA rules”), issued this guidance. However, HIPAA is often incorrectly applied in workplace settings. Of course, it is true that in most healthcare settings, HIPAA is the primary law governing the use and disclosure of individually identifiable health information. This has certainly been the case during the COVID-19 pandemic. ![]() When use or disclosure of an individual’s health information or medical records is at issue, the assumption seems to be, much more often than not, that the HIPAA privacy and security rules apply.
0 Comments
Leave a Reply. |