Fact Check By: Craig Jones, Newswise

Truthfulness: False


Business asking for proof of COVID-19 vaccination is a HIPAA violation

Claim Publisher and Date: Instagram post, Rep. Marjorie Taylor Greene, R-Ga., etc on 2021-05-18

As businesses rework their mask requirements such as lifting face mask requirements for customers who are vaccinated against COVID-19, questions about medical privacy are back in the spotlight. The question of whether it's okay to ask a maskless patron if they've been vaccinated has come into focus. Vaccine opponents, including members of the U.S. Congress, are once again claiming that the HIPAA federal privacy law protects individuals from being asked about their vaccination status. We find this claim to be false. Health Insurance Portability and Accountability Act (HIPAA) applies only to healthcare related businesses (including insurance and medical providers.) According to the Health Information Privacy section of the U.S. Department of Health & Human Services website*, these entities (and the contractors associated with them) are required to follow the HIPAA rules:

  • Health Plans, including health insurance companies, HMOs, company health plans, and certain government programs that pay for health care, such as Medicare and Medicaid.
  • Most Health Care Providers—those that conduct certain business electronically, such as electronically billing your health insurance—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
  • Health Care Clearinghouses—entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

Richard Tarpey, assistant professor of management, in Middle Tennessee State University’s Jones College of Business has this to say.

“The interpretation of the HIPAA requirements, as stated below, are a good indication of how few people actually understand the specifics of the law, even congressional members. The HIPAA law prevents a third party (must be a health care entity such as a health provider or insurer) from giving out your private health information without your permission. The law establishes the intended covered entities as well as protected health information. HIPAA does not apply to individuals or non-health care related businesses and therefore has no application to businesses who ask patrons if they have been vaccinated. People looking for rights to not be asked about vaccinations will need to seek relief elsewhere.”



Register for reporter access to contact details