If you’re invited to a wedding or some other event, and the host asks for your COVID-19 vaccination card, do HIPAA’s healthcare data privacy laws apply? And are there risks in sharing this information even if the event isn’t medically relevant?
More than a year after the COVID-19 pandemic put the world on lockdown, the U.S. is becoming the global leader in COVID-19 vaccinations. As a result, public and private gatherings — from sporting events and concerts, to parties and weddings — are happening again, albeit with health safeguards in place. The most common preventive measure that hosts and vendors are taking is requiring guests to present their COVID-19 vaccination cards.
But whether you’re the guest, the event host, or the event vendor, there are precautions you will need to take to assure medical privacy, says Wedad Suleiman, of Chapman Law Group’s Healthcare Compliance practice group.
On a recent edition of Wedding Industry Law video podcast, she touched on the differences in medical data privacy for the non-healthcare venue versus the medical setting, as well as best practices for storing and purging proof of guests’ COVID-19 vaccination.
Yes. As Wedad explains to podcast host Rob Schenk, the information on your COVID-19 vaccination card is a record of your immunization history. It is similar to receiving an annual flu vaccine and having it placed on your medical record.
No. HIPAA only protects health information in the healthcare setting, Wedad says, such as a doctor’s office, pain management clinic, hospital, or urgent care facility. HIPAA is regulatory in the healthcare sector, and every health care organization must have policies and procedures in place for protecting personal health information (“PHI”). However, if an airline, travel service, wedding host or vendor, or some other non-medical group asks for proof of COVID-19 vaccination as a requirement for admission, HIPAA would not apply.
Even though HIPAA is not in effect in the non-healthcare setting, a state or other jurisdiction’s privacy laws may apply depending on how the vendor uses and stores the COVID-19 vaccination card information.
As Wedad points out, the vendor could be violating state law for using the guest’s COVID-19 vaccination information for unintended purposes. A wedding vendor would be breaking the law for saying that vaccination proof is strictly for health and safety purposes at the event, then goes and repurposes that information for something else that the guest never consented to as part of the event.
Just like with credit card numbers, a non-healthcare service should have standards in place to protect the customer/guest from having their confidential information — in this case, the COVID-19 vaccination card — disclosed in a data breach.
Wedad advises having the information password-protected, with a two-factor authorization process in place, as well as a record retention and purging policy, which would make sure the private information is destroyed after the event is over.
If your healthcare practice needs help with HIPPA matters, from data breaches to HITECH, we at Chapman Law Group can assist with all of your healthcare compliance needs. In our national compliance practice, our HIPAA and healthcare compliance attorneys stay abreast on HIPAA rule and regulation changes, to give your healthcare practice the professional advice needed to stay compliant. Contact us today to learn more about our services.
"*" indicates required fields
Miami Office
701 Waterford Way, Suite 340
Miami, FL 33126
Phone: (305) 712-7177
In “Physician Guide to Basic Compliance Concepts,” Chapman Law Group’s national healthcare compliance attorneys cover how to spot and avoid healthcare fraud, handling investigations and audits, and keeping your staff in the right.
The HHS lays out circumstances for which COVID-19-related PHI can be released to first responders – without the patient’s authorization but in compliance with HIPAA.
Doctors, nurses, pain management specialists beware: Disclosure outside of the exceptions or without patient consent can result in civil, criminal penalties
Michigan OFFICE
1441 W Long Lake Road
Suite 310
Troy, MI 48098
T. 248.644.6326
F. 248.644.6324
CALIFORNIA OFFICE
5250 Lankershim Blvd.
Ste. 500
North Hollywood, CA 91601
T. (818) 287-0576
FLORIDA OFFICES
6841 Energy Court
Suite 120
Sarasota, FL 34240
T. 941.893.3449
701 Waterford Way
Suite 340
Miami, FL 33126
T. 305.712.7177
Practice Areas
Attorneys
© CHAPMAN LAW GROUP. ALL RIGHTS RESERVED
