![]() Requesting or requiring existing or prospective employees to provide documentation of their COVID-19 or flu vaccination status.Moreover, because the Privacy Rule does not regulate employers, it does not generally prevent employers from asking their workforce for information (or requiring the provision of information), including health information, that is needed as part of the terms of condition of employment. In other words, nothing prevents an individual from voluntarily sharing whether they have been vaccinated. The FAQs also emphasize that because the Privacy Rule does not regulate individuals, an individual is never prohibited from disclosing to another person or entity information about the individual’s vaccination status. The point of the FAQs is that the Privacy Rule does not apply. Note that in each of these examples, other federal or state laws may come into play. An individual asks a company (e.g., a home health agency) whether its workforce members are vaccinated.An individual asks another individual, their doctor, or a service provider whether they are vaccinated.An individual is asked by a school, employer, store, restaurant, entertainment venue, or another individual about their vaccination status.(With limited exceptions, a covered entity may only use or disclose an individual’s PHI for purposes of treatment, payment, or healthcare operations unless it first obtains written authorization.)īelow are examples of situations the FAQs outline where a request for an individual’s vaccine status does not implicate the Privacy Rule: At this point, that information is considered PHI and the provider or health plan is bound by the Privacy Rule’s requirements with respect to how it may use or disclose that information. The Privacy Rule does become implicated once a covered entity (e.g., a provider or a health plan) knows a person’s vaccination status. Second, the FAQs clarify that no entity (whether a covered entity or not) is prohibited from asking about another person’s vaccination status therefore, employers may request this information from employees, and providers or other covered entities may request this information from individuals. The Privacy Rule does not regulate employers, and it does not regulate individuals. The FAQs begin by emphasizing that the Privacy Rule regulates “covered entities,” which includes health plans (including employer-sponsored health plans), providers, healthcare clearinghouses, and to some extent, business associates. How covered entities are permitted to use and disclose PHI under the Privacy Rule.The difference between information that is considered protected health information (PHI) and other types of information (e.g., employment information) and.The entities to which the Privacy Rule applies (covered entities, and to some extent, business associates).In a series of five questions and answers, the FAQs clarify: On September 30, 2021, the HHS issued a set of frequently asked questions addressing common issues and misconceptions related to employee vaccines and the HIPAA privacy requirements (the Privacy Rule). The FAQs state that once a covered entity has information regarding an individual’s vaccination status, that information is considered PHI and the covered entity may only use or disclose that information as permitted by the Privacy Rule or with written authorization from the individual. ![]() The FAQs provide examples of situations where a request for an individual’s vaccination status does not implicate the HIPAA Privacy Rule.The FAQs address to whom the privacy rule applies, what constitutes protected health information (PHI) and permitted uses and disclosures of PHI.In September, the Department of Health and Human Services (HHS) released a set of frequently asked questions (FAQs) addressing Health Insurance Portability and Accountability Act (HIPAA) privacy requirements and employee vaccines.
0 Comments
Leave a Reply. |