On September 30, 2021, the Department of Health and Human Services (HHS) issued frequently asked questions (FAQs) on the application of the Health Insurance Privacy and Accountability Act (HIPAA) Privacy Rule on COVID-19 vaccination and the workplace.
The FAQs provide that the HIPAA Privacy Rule does not prohibit any person (an individual or an entity, such as a business) – including HIPAA-covered entities and business associates – from asking whether an individual has received a COVID-19 vaccine. Rather, the Privacy Rule regulates how and when a covered entity or its business associate may use or disclose protected health information (PHI), including information about an individual’s vaccination status.
In addition, the Privacy Rule does not prevent any individual from disclosing whether he or she has been vaccinated against COVID-19 or any other disease. The Privacy Rule does not apply to individuals’ disclosures about their own health information.
The Privacy Rule also does not prohibit an employer from requiring an employee to disclosure whether they have received a COVID-19 vaccine to the employer, clients or other parties. The Privacy Rule does not apply to employment records and does not regulate what information can be requested from employees as part of the terms and conditions of employment. However, documentation or other confirmation of vaccination must be kept confidential and stored separately from the employee’s personnel files under Title I of the Americans with Disabilities Act (ADA).
In addition, other federal or state laws do address terms and conditions of employment. Similarly, other state or federal laws address whether individuals are required to disclose whether they have received a vaccine under certain circumstances.
The information contained within these materials are confidential and not to be distributed. Use of and access to this information, site, or any of the links contained within this document does not create a relationship between the recipient and CoverEase.