How Does HIPAA Apply When It Comes to Your COVID-19 Vaccination Card and Public or Private Gatherings?
What You Need to Know About Your Medical Privacy If a Wedding Host Asks for Your COVID-19 Vaccination Card to Keep the Party Safe
If you’re invited to a wedding or some other event, and the host asks for your COVID-19 vaccination card, do HIPAA’s healthcare data privacy laws apply? And are there risks in sharing this information even if the event isn’t medically relevant?
More than a year after the COVID-19 pandemic put the world on lockdown, the U.S. is becoming the global leader in COVID-19 vaccinations. As a result, public and private gatherings — from sporting events and concerts, to parties and weddings — are happening again, albeit with health safeguards in place. The most common preventive measure that hosts and vendors are taking is requiring guests to present their COVID-19 vaccination cards.
But whether you’re the guest, the event host, or the event vendor, there are precautions you will need to take to assure medical privacy, says
Wedad Suleiman, of Chapman Law Group’s Healthcare Compliance practice group.
On a recent edition of Wedding Industry Law video podcast, she touched on the differences in medical data privacy for the non-healthcare venue versus the medical setting, as well as best practices for storing and purging proof of guests’ COVID-19 vaccination.
Is My COVID-19 Vaccination Card Considered Protected Health Information Under HIPAA?
Yes.
As Wedad explains to podcast host Rob Schenk, the information on your COVID-19 vaccination card is a record of your immunization history. It is similar to receiving an annual flu vaccine and having it placed on your medical record.
Would I Have the Same HIPAA Protection If I Showed My COVID-19 Vaccination Card to an Airline, Cruise Line, or Any Other Non-Healthcare Service?
No. HIPAA only protects health information in the healthcare setting, Wedad says, such as a doctor’s office, pain management clinic, hospital, or urgent care facility.
HIPAA is regulatory in the healthcare sector, and every health care organization must have policies and procedures in place for protecting personal health information (“PHI”). However, if an airline, travel service, wedding host or vendor, or some other non-medical group asks for proof of COVID-19 vaccination as a requirement for admission, HIPAA would not apply.
Would I Have Any Form of Protection If I Voluntarily Show My COVID-19 Vaccination Card to a Non-Healthcare Entity?
Even though HIPAA is not in effect in the non-healthcare setting, a state or other jurisdiction’s privacy laws may apply depending on how the vendor uses and stores the COVID-19 vaccination card information.
As Wedad points out, the vendor could be violating state law for using the guest’s COVID-19 vaccination information for unintended purposes. A wedding vendor would be breaking the law for saying that vaccination proof is strictly for health and safety purposes at the event, then goes and repurposes that information for something else that the guest never consented to as part of the event.