THE CONVERSATION – The Health Insurance Portability and Accountability Act’s Privacy Rule is a federal law prohibiting health care providers, businesses and the people working with them – including administrative staff, laboratories, pharmacies, health insurers and so on – from disclosing your health information without your permission.
When people talk about HIPAA, they typically refer to the Privacy Rule provision established in 2003, which is just one part of a broader law initially passed by Congress in 1996.
The Privacy Rule came into force after tennis star Arthur Ashe’s HIV status was publicly revealed and country music star Tammy Wynette’s health records were sold to tabloids. People were starting to worry about genetic privacy.
“Sometimes people try to use HIPAA as an excuse for actions it doesn’t actually cover. For instance, some people who refused to comply with coronavirus-related mask rules in stores asserted that they couldn’t be asked to explain why because of HIPAA protections. But that’s not how this privacy law works…”
And Congress recognized that the internet would make it easier for health care privacy breaches to occur … (STORY CONTINUES BELOW)
Baffling Marjorie Taylor Greene Comment Becomes Instant Meme
HUFFINGTON POST – Rep. Marjorie Taylor Greene (R-Ga.) gave an odd excuse for not disclosing her vaccination status Tuesday that became fast fodder for social media memes.
The far-right lawmaker held a press conference after she was temporarily suspended from Twitter for spreading COVID-19 misinformation, an activity she makes a habit of both online and off.
She was asked by a reporter if she had been vaccinated and whether she agreed with House Minority Whip Steve Scalise (R-La.), who announced over the weekend he had received his first dose of the Pfizer shot and was confident in vaccine safety and efficacy.
Greene apparently didn’t want to share her own vaccination information. A vaccination announcement, like Scalise’s, could encourage hesitant supporters to take the vaccine as the highly contagious delta variant surges around the country.
“Your first question is a violation of my HIPAA rights,” Greene replied. “You see, with HIPAA rights, we don’t have to reveal our medical records and that also involves our vaccine records.”
That’s not correct. HIPAA applies to medical providers, insurers and other health care entities that have access to medical records. It gives individuals rights and limits over what entities can access their health information.
It doesn’t prevent a reporter from asking about your medical history. And it doesn’t prevent anyone from saying whether they’ve been vaccinated … SOURCE.
(CONTINUATION OF STORY FROM THE CONVERSATION…)
Why the HIPAA Privacy Rule matters
The HIPAA Privacy Rule gives you the right to control your health information disclosures so you can tell your health care provider what to share.
If you don’t want to share some of your health information with your family members, you can tell your health care provider to withhold that information from them.
However, HIPAA only protects health care information held by specific kinds of health care providers. For example:
- Health care data on your Apple Watch or Fitbit is not usually covered by HIPAA.
- Genetic data you enter on websites like Ancestry.com is also not covered by HIPAA.
Other laws or agreements like the privacy disclosures required on many apps may protect that information, but HIPAA does not.
Sometimes people try to use HIPAA as an excuse for actions it doesn’t actually cover. For instance, some people who refused to comply with coronavirus-related mask rules in stores asserted that they couldn’t be asked to explain why because of HIPAA protections.
But that’s not how this privacy law works: It’s legal for someone to ask you about your vaccination status. And anyone can provide information about their own vaccination status (or any personal health information) without violating HIPAA.
Are there exceptions to the HIPAA Privacy Rule?
Certain exceptions to HIPAA’s nondisclosure requirements allow covered health care providers to disclose patient information to help treat another person, protect public health and aid in certain law enforcement investigations.
During a pandemic, for instance, public health departments can provide information about how many people have tested positive for a disease, but they cannot mention specific names to the general public unless it’s necessary to alert particular people that they may have been exposed.
This is because HIPAA and other privacy laws require them not to release any more information than is needed to keep people safe.
Portions of this article originally appeared in a previous article published on Oct. 15, 2020.