Finding common ground between HIPAA and the COVID-19 vaccine

Doctors and scientists agree that the COVID-19 vaccine is critical in helping the world move past the pandemic. As countries around the world roll out vaccine programs to the public, governments and vaccine providers need to address a variety of administrative challenges: maintaining patient privacy, managing vaccine distribution schedules, and ensuring access for people of all ages.

While it’s important to develop an efficient vaccine program, medical professionals also need to ensure the security and privacy of protected health information (PHI). In the United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) set specific rules for reforming the industry, protecting patients’ privacy, and watching out for each individual’s needs.

Industry changes affecting HIPAA and the COVID-19 vaccine

As with other medical services and care, the new vaccine program requires a delicate balance between supporting public health activities and protecting patient information. Keeping patient information private is always a top priority, and providers need to do what they can to make that happen in the current circumstances.

Here are a few of the ways COVID-19 has impacted HIPAA privacy:

  • Relaxed HIPAA enforcement. Even though HIPAA regulations are still in place, the U.S. Department of Health and Human Services (HHS) has chosen to relax the enforcement of HIPAA, leaving healthcare providers to act in good faith.
  • More digital interactions. Social distancing makes it more difficult for patients and doctors to meet for face-to-face conversations. As a result, medical providers are offering alternative options, such as videoconferencing and written consultations. This increase in digital interactions has created more potential for privacy concerns. For example, some medical providers started using telemedicine tools before having a business associate agreement (BAA) in place.
  • Information sharing with public health authorities. Even though HIPAA requires patient authorization before medical providers can share PHI, these rules change in a public health emergency. Healthcare providers can offer patient information to health departments or the Centers for Disease Control (CDC) without violating HIPAA rules.
  • Increased data sharing. Data sharing, such as via national and worldwide databases, is vital for tracking the spread of the virus, but there are many unknowns about this data sharing, such as whether sharing PHI could lead to HIPAA violations.

While HIPAA applies to covered entities — such as doctors, insurance companies, and medical providers — many providers are concerned about having health conversations with the family and friends of patients. There may be cases where a patient isn’t able to provide consent for the medical provider to disclose information to their family or friends. 

Vaccine passports and HIPAA protections

There are other unique challenges that come with the introduction of COVID-19 vaccines. Organizations and businesses are working to maintain the safety of their employees and customers, and many wonder whether knowing who has been vaccinated would be helpful. There’s a lot of discussion about using a vaccine passport as a way for people to prove their vaccination status so they can participate in certain activities.

Of course, there are questions about whether non-medical businesses can require customers to show these cards to access services. The personal information and treatment details included on a vaccine card or passport would be classified as PHI. 

HIPAA protects against someone obtaining a person’s PHI without their consent, but people can voluntarily share their medical information. So it’s up to each patient to determine whether or not they’ll disclose information to businesses outside of the medical industry.

HIPAA-compliant solutions for vaccine management

The increased sense of urgency created by the vaccination process may cause people to overlook certain aspects of HIPAA, but everyone is still required to comply with HIPAA rules to protect patient information.

Jotform provides a variety of HIPAA-compliant tools that help medical providers and pharmacies administer the vaccine. Whether you need to collect information from patients or set up and manage their appointments, there’s a form template to fit your needs.

Here’s an overview of some of the forms you can use to manage vaccine administration and patient privacy:

If you’re a medical provider or any other entity managing PHI, you can rest assured that Jotform’s form templates provide a safe, secure way to collect information. (Please note that you must have a Silver, Gold, or Enterprise plan to enable HIPAA compliance.)

Plus, Jotform Tables gives you the ability to analyze and evaluate that information. You can choose from a variety of HIPAA-compliant tools to support workflows and other everyday tasks in your practice and make it easier to protect your patients’ privacy.

This article is originally published on May 17, 2021, and updated on May 31, 2021.
AUTHOR
Firm believer in personal data privacy in the age of information. Close follower of the new regulations concerning patient confidentiality & HIPAA. You can reach George through his contact form. The views stated herein are for discussion only, and are not intended to constitute medical advice or any other advice, procedures, or guidelines for diagnosing or treating any medical condition or for any aspect of the practice of medicine.

Send Comment:

Jotform Avatar
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Comment:

Podo CommentBe the first to comment.