December 6, 2021

Volume XI, Number 340

Advertisement
Advertisement

December 06, 2021

Subscribe to Latest Legal News and Analysis

OCR Guidance Regarding HIPAA’s Applicability to COVID-19 Vaccination Information

On September 30, 2021, the U.S. Department of Health and Human Services’ (“HHS”) Office for Civil Rights (“OCR”) issued guidance regarding when the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy Rule applies to disclosures and requests for information about a person’s COVID-19 vaccination status.

The guidance is a reminder that the HIPAA Privacy Rule applies only to HIPAA covered entities (and, in some cases, to their business associates) and does not apply to employers or employment records. HIPAA-covered entities are health plans, health care clearinghouses and health care providers that conduct standard electronic transactions.

The guidance addresses common workplace scenarios and answers questions about whether and how the HIPAA Privacy Rule applies. For example, the guidance explains that the HIPAA Privacy Rule does not regulate what information can be requested from employees as part of the terms and conditions of employment, even though other federal or state laws may address terms and conditions of employment.  The guidance also states that, under the Americans with Disabilities Act, documentation or other confirmation of vaccination must be kept confidential and stored separately from an employee’s personnel file.

In its press release, OCR stated that the information will be helpful to the public as the country continues to navigate the COVID-19 pandemic. OCR Director Lisa Pino stated, “We are issuing this guidance to help consumers, businesses and health care entities understand when HIPAA applies to disclosures about COVID-19 vaccination status and to ensure that they have the information they need to make informed decisions about protecting themselves and others from COVID-19.”

Copyright © 2021, Hunton Andrews Kurth LLP. All Rights Reserved.National Law Review, Volume XI, Number 279
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement
Advertisement

About this Author

In today’s digital economy, companies face unprecedented challenges in managing privacy and cybersecurity risks associated with the collection, use and disclosure of personal information about their customers and employees. The complex framework of global legal requirements impacting the collection, use and disclosure of personal information makes it imperative that modern businesses have a sophisticated understanding of the issues if they want to effectively compete in today’s economy.

Hunton Andrews Kurth LLP’s privacy and cybersecurity practice helps companies manage data and...

212 309 1223 direct
Advertisement
Advertisement
Advertisement