Faced with the Covid-19 virus running rampant for more than a year, governments are pushing hard to vaccinate their populations in the hopes that they can reduce the spread of the virus and save lives.  Many are taking this a step further and advocating or mandating the use of vaccine passports as a way to further pressure the unvaccinated into getting vaccinated.  But what about privacy? Don’t you have a right to keep your health details private? Doesn’t this violate the HIPAA regulations?  Shouldn’t vaccination status be considered the same way that any other medical information is treated, as a private matter between individuals and their medical providers?

HIPAA, the Health Insurance Portability and Accountability Act, outlines the access that others have to your medical records and sets the requirements and rules for accessing them. It applies to covered entities like doctors, medical groups, and facilities (hospitals and labs).  It also applies to people involved in paying for your care, like Medicare, health insurance companies, Social Security disability, Workers’ Compensation, and OSHA.  Still others might gain access, such as child protective services, law enforcement, and anyone with a subpoena, as well as you and those who care for you.

Some of the access to your medical records is specific information, like that used by insurance companies, but sometimes the data is aggregated and anonymized. This may be for statistical purposes, research, data mining, fund raising, and more.

Your employer does not have access to your medical information.  If an employer required your medical information, for example to see if you were vaccinated, you would have to give them written permission.

So we’ve identified the limited set of people or agencies that can legally gain access to your medical records.  That doesn’t necessarily mean that those records are “safe”.

Now that records are digitally stored, computers are the gatekeepers to our private data.  The Department of Health and Human Services’ Office for Civil Rights (OCR) is responsible for the oversight of this information. The group audits, fines, and mandates corrective actions for violations of HIPAA.

(Find out more at their website: https://www.hipaajournal.com/what-are-the-penalties-for-hipaa-violations-7096/)

From 2009 to 2019 there were 231 million medical records exposed in 3,054 healthcare data breaches.

In 2020, Premera Blue Cross had the highest fines and penalties for a data breach of 10.5 million individual records.  Premera settled the violations for $6,850,000.

Now, back to the idea of vaccine passports and restaurants/bars requiring a passport for entrance.  There have been applications developed for passport use.  These applications are asking you to provide your data to them.  They are not bound by HIPAA as they are not medical providers with a need for your information. They are not legally required.  There is no centralized database of vaccinated persons that they access.  So before you decide to give them your personal information consider this:

  • You give your information freely for access to their establishment.
  • Are you just giving them the information you fill in, or do they get access to your medical records?
  • You give them ammunition to use for or against you.
  • You are allowing them to identify you.
  • You don’t know how they will use your information.
  • You don’t know how well they will safeguard your data on their computers.
  • You don’t know how many people already have access to their system.

Remember, once you hand over access, you don’t get it back.  Once you let the genie out of the bottle you can’t put it back in.  Why do they really need your information?

And what information do you need?  Perhaps you should ask the restaurant or bar owners and servers for their health information. Don’t we have the right to know if our servers and food handlers have had Hepatitis B or C? Should we know if they are HIV or AIDS positive? Should we ask if they were vaccinated for Covid-19?  Or the last time they were tested for Covid-19?

Maybe even ask for an assumption of liability in the event your information gets released to the public.  How will they compensate you for that loss? Something to think about.

Photo by vjohns1580 from Pixabay