HIPAA and COVID vaccines: What Rep. Marjorie Taylor Greene and Cowboys quarterback Dak Prescott get wrong

With misinformation on the safety of the COVID-19 vaccine keeping millions of Americans from getting inoculated, an erroneous defense has been used to deflect questions about who has received a shot so far: that HIPAA privacy regulations outlaw such inquiries.

In a press conference on Tuesday, Rep. Majorie Taylor Greene, R-Ga., was asked whether she had been vaccinated. In response, she replied that the question was a “violation of my HIPAA rights.” HIPAA, the Health Insurance Portability and Accountability Act, was signed into law in 1996 by President Bill Clinton amid a nationwide push to digitize medical records.

“You see, with HIPAA rights, we don’t have to reveal our medical records, and that also involves our vaccine records,” Greene continued.

Rep. Marjorie Taylor Greene, R-Ga., speaks to the media about her suspended accounts on Twitter, on Capitol Hill on July 20.
Rep. Marjorie Taylor Greene, R-Ga., speaking on July 20 about her suspended Twitter accounts. (Jose Luis Magana/AP Photo)

Greene has been an outspoken opponent of vaccines and masks, especially if they are mandated by schools, businesses or governments. She was suspended from Twitter last Monday for her statement that COVID-19 is not dangerous for people unless they are obese or over the age of 65, and she has been outspoken in her belief that proof of vaccination, or vaccine passports, should be illegal.

Greene’s citation of HIPAA, critics say, continues her pattern of spreading health misinformation.

Dallas Cowboys quarterback Dak Prescott responded in a similar fashion when asked whether he was vaccinated. “I don’t necessarily think that’s exactly important. I think that’s HIPAA,” he said.

“It’s not necessarily something I’d like to share, or something I’d like to promote or say, ‘Hey, you should, you shouldn’t,’” Prescott said in an earlier interview with NBC.

Meanwhile, there has been a steep rise in the number of new coronavirus cases, hospitalizations and deaths in the United States, thanks to the spread of the Delta variant.

What is HIPAA?

HIPAA was created to simplify the administration of health insurance and to combat waste, fraud and abuse in health insurance and health care delivery, according to the HIPAA Journal.

In its privacy rule, HIPAA does make it illegal for certain people and organizations — including health care providers, insurers, health care clearinghouses and their business associates — to share a patient’s medical records without prior consent.

The law does not, however, prohibit employers, stores, journalists or other categories of individuals who are not involved in health care from asking for health information.

“I think that the major thing for people to understand with regard to HIPAA is that it’s very specific,” Ankit Shah, a pediatrician and lecturer at the University of Southern California, told the Los Angeles Times. “Health care entities have your information and are prohibited from sharing it without your consent. That’s it. That’s HIPAA.”

Is proof of vaccination illegal under HIPAA?

Anti-vaccine protesters in June gathered outside Madison Square Garden in New York ahead of a Foo Fighters' show, which required proof of vaccination to enter.
Anti-vaccine protesters outside Madison Square Garden in New York in June ahead of a Foo Fighters show, which required proof of vaccination to enter. (Andrew Kelly/Reuters)

No. Whether vaccination status is shared is left to an individual’s discretion.

It is not a HIPAA violation for businesses to require proof of vaccination or vaccine passports, because the law does not prohibit requests of information. Additionally, businesses outside the health care industry are not listed as “covered entities and business associates” under the HIPAA regulations. A violation of HIPAA would occur only if a doctor were to share vaccination information with a business or employer without the patient’s consent.

Vaccine passports can be issued only with the consent of the patient. When signing up for New York state’s Excelsior Pass, for instance, individuals need to accept an authorization to disclose, which obtains their consent to display their vaccination status.

“The website is not provided to you by a health care provider, so, as such, you are not providing protected health information for health care treatment, payment, or operations (as defined under Health Insurance Portability and Accountability Act (HIPAA),” the authorization states, clarifying that the Excelsior Pass does not violate HIPAA rules.

There are currently no federal laws that prevent asking about someone’s health, or laws that prevent businesses from requiring face masks and vaccinations. In its updated guidelines, the U.S. Equal Employment Opportunity Commission said that employers are allowed to establish mask and vaccine mandates as long as they are applied equally to all employees, with medical and religious exceptions, and as long as the medical information is stored separately from regular personnel files.

____

Read more from Yahoo News: