HIPAA is woefully misunderstood, and I’ve encountered much wrong information about it during this pandemic.
winter birds, Cook County Forest Preserve
The Washington Post explains
HIPAA, also known as the Health Insurance Portability and Accountability Act of 1996, and its subsequently added Privacy Rule include provisions to protect a person’s identifying health information from being shared without their knowledge or consent. The law, though, only applies to specific health-related entities, such as insurance providers, health-care clearinghouses, health-care providers and their business associates.
That means that even if your friend, favorite restaurant or grocery store were to publicly share private details about your health, they would not be in violation of HIPAA because they aren’t one of the “covered entities,” Gatter said.
There are other federal and state confidentiality laws that may require employers and schools to protect your privacy. And, experts emphasized, there is nothing in HIPAA that bars asking people about their health — including vaccination status — or requiring proof that the information is accurate.
“It’s not really a prohibition on asking, it’s a prohibition against sharing,” said Kayte Spector-Bagdady, an associate director at the Center for Bioethics and Social Sciences in Medicine at the University of Michigan. The law, she added, “doesn’t mean you never have to tell anyone about your health information.”
HIPAA has become one of the “most misunderstood statutes in existence,” said Glenn Cohen, a Harvard Law School professor who is an expert on health law and bioethics. “People think it does a lot more than it’s actually doing.”
The misconceptions about the law likely stem from people widely using it in conversation as a “shorthand for privacy,” said Joshua Sharfstein, a public health professor at Johns Hopkins University. If someone is asked a question about their health that they view as intrusive, he said, they might say, “I can’t tell you because of HIPAA,” when what they actually mean is that they consider the information private.
Many people also seem to have a problem spelling HIPAA properly, and as one Twitter aficionado opined, perhaps this is a sign of long-haul COVID-19?
Especially HIPPA instead of HIPAA https://t.co/MdMx5zylQv
— Seth Anderson (@swanksalot)