How Does HIPAA Apply When It Comes to Your COVID-19 Vaccination Card and Public or Private Gatherings?

Doctor giving Covid-19 Vaccination

What You Need to Know About Your Medical Privacy If a Wedding Host Asks for Your COVID-19 Vaccination Card to Keep the Party Safe

If you’re invited to a wedding or some other event, and the host asks for your COVID-19 vaccination card, do HIPAA’s healthcare data privacy laws apply? And are there risks in sharing this information even if the event isn’t medically relevant?

More than a year after the COVID-19 pandemic put the world on lockdown, the U.S. is becoming the global leader in COVID-19 vaccinations. As a result, public and private gatherings — from sporting events and concerts, to parties and weddings — are happening again, albeit with health safeguards in place. The most common preventive measure that hosts and vendors are taking is requiring guests to present their COVID-19 vaccination cards.

But whether you’re the guest, the event host, or the event vendor, there are precautions you will need to take to assure medical privacy, says Wedad Suleiman, of Chapman Law Group’s Healthcare Compliance practice group.

On a recent edition of Wedding Industry Law video podcast, she touched on the differences in medical data privacy for the non-healthcare venue versus the medical setting, as well as best practices for storing and purging proof of guests’ COVID-19 vaccination.

Is My COVID-19 Vaccination Card Considered Protected Health Information Under HIPAA?

Yes. As Wedad explains to podcast host Rob Schenk, the information on your COVID-19 vaccination card is a record of your immunization history. It is similar to receiving an annual flu vaccine and having it placed on your medical record.

Would I Have the Same HIPAA Protection If I Showed My COVID-19 Vaccination Card to an Airline, Cruise Line, or Any Other Non-Healthcare Service?

No. HIPAA only protects health information in the healthcare setting, Wedad says, such as a doctor’s office, pain management clinic, hospital, or urgent care facility. HIPAA is regulatory in the healthcare sector, and every health care organization must have policies and procedures in place for protecting personal health information (“PHI”). However, if an airline, travel service, wedding host or vendor, or some other non-medical group asks for proof of COVID-19 vaccination as a requirement for admission, HIPAA would not apply.

Would I Have Any Form of Protection If I Voluntarily Show My COVID-19 Vaccination Card to a Non-Healthcare Entity?

Even though HIPAA is not in effect in the non-healthcare setting, a state or other jurisdiction’s privacy laws may apply depending on how the vendor uses and stores the COVID-19 vaccination card information.

As Wedad points out, the vendor could be violating state law for using the guest’s COVID-19 vaccination information for unintended purposes. A wedding vendor would be breaking the law for saying that vaccination proof is strictly for health and safety purposes at the event, then goes and repurposes that information for something else that the guest never consented to as part of the event.

Are There Safeguards Hosts/Vendors Should Instill to Prevent COVID-19 Vaccination Card Data Disclosure?

Just like with credit card numbers, a non-healthcare service should have standards in place to protect the customer/guest from having their confidential information — in this case, the COVID-19 vaccination card — disclosed in a data breach.

Wedad advises having the information password-protected, with a two-factor authorization process in place, as well as a record retention and purging policy, which would make sure the private information is destroyed after the event is over.

Our Healthcare Compliance Attorneys Can Advise You on HIPAA Violations, HIPAA Privacy Matters, Data Breaches, Other HIPAA Compliance Concerns

If your healthcare practice needs help with HIPPA matters, from data breaches to HITECH, we at Chapman Law Group can assist with all of your healthcare compliance needs. In our national compliance practice, our HIPAA and healthcare compliance attorneys stay abreast on HIPAA rule and regulation changes, to give your healthcare practice the professional advice needed to stay compliant. Contact us today to learn more about our services.

Need an Attorney? Contact us now!

.

  • This field is for validation purposes and should be left unchanged.

Related Attorneys

Wedad Suleiman, LL.M.

Attorney

Healthcare Compliance, Civil Litigation

Michigan Office
1441 W. Long Lake Road, Suite 310
Troy, MI 48098
Phone: (248) 644-6326

Recent Posts

Related Posts

Blog Categories

Blog Archives

Got A Question?

Call now to schedule a consultation.
Chapman Law Group Favicon

This website uses cookies to ensure you get the best experience on our website.

Send this to a friend