Is It a HIPAA Violation To Require Proof of Vaccination?

What is the HIPAA Privacy Rule?

One part of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 is the HIPAA Privacy Rule. This rule helps ensure that an individual’s protected health information is not disclosed without the individual’s knowledge or consent.

What places may require proof of vaccination?

As the COVID-19 pandemic continues, certain businesses and employers have begun requiring proof of full COVID-19 vaccination. For example, some employers require proof of vaccination before an individual can return to in-person work. Some cruise lines are requiring proof of vaccination before boarding a cruise ship. Even some grocery stores, bars and restaurants require proof of vaccination before allowing admittance to the premises.

Is it a HIPAA violation to require proof of vaccination?

However, is it a HIPAA violation for public or private places (other than medical settings) to require proof of vaccination? The HIPAA Privacy Rule generally only applies to health care plans and health care providers. The rule specifies that health care plans or providers and other “covered entities” are privy to certain health information but must ensure the confidentiality of that information. Private businesses and other establishments that are not defined as a “covered entity” are not subject to the rule.

The bottom line

Federal law does not prevent non-covered entities from requiring proof of vaccination; however, states can pass their own laws on this issue. The bottom line is that requiring proof of vaccination is not a HIPAA violation and is allowed in many cases.