Do Vaccine Status Questions Violate HIPAA?

September 7, 2021
In light of the potential and emerging COVID-19 vaccination mandates, there has been a lot of talk about HIPAA and whether vaccine-related questions violate it.

Do Vaccination Status Questions Violate HIPAA?

Especially in light of the potential and emerging COVID-19 vaccination mandates, there has been a lot of chatter about HIPAA and what constitutes a violation of it. Although HIPAA was signed into law in 1996 and everyone has had to sign forms about it at the doctor’s office, there is still a great deal of confusion and uncertainty about what exactly the law covers and what actions are considered violations of it. 

Let’s answer some of the common questions down below: 

What is HIPAA?

HIPAA stands for the Health Insurance Portability and Accountability Act and was passed with a few different intentions, the most relevant of which in this case is ensuring the privacy and security of each individual’s protected health information (PHI). 

The Department of Human Services and Office for Civil Rights are the federal branches that investigate and hand out hefty fines for HIPAA violations. There are many ways to violate HIPAA including through a database breach, or improper handling or disclosure of protected health information. 

What Exactly is the Privacy Rule? 

The Privacy Rule's purpose is to protect every individual's personal and confidential, identifiable protected health information PHI). The rule states that throughout any healthcare operations, a  person's information must be protected at all times.

Are COVID-19 Vaccine Questions a HIPAA Violation?

No. HIPAA does not cover or prevent any person or entity from asking about vaccinations. Although the law exists in part to ensure the protection of a person’s PHI, what it means by that is the release of your PHI by others without your consent. It actually does not relate to you being asked or answering any questions about your healthcare information. 

Can My Employer Force Me to Get Vaccinated? 

Broadly speaking, no, nobody can force an individual to get vaccinated in the United States. However, employers typically do have the right to make getting the vaccination a condition of working for their company. Especially with at-will employment situations, employers are given the ability to set requirements such as this since both parties are working together at-will. 

The logistics of this question may vary for those working within a contract situation rather than at-will, and that would vary case-by-case depending on the text of the legal contract that was signed. 

Can Businesses Require Proof of Vaccination? 

Again, no, HIPAA does not prevent businesses such as shops, gyms, restaurants, or others to ask you for proof of vaccine before allowing you entry. You are not required to answer these questions but private business owners certainly have the right to deny entry to an individual who will not show this proof. If you are unwilling to show your vaccination proof, it will likely be assumed that you are unvaccinated which could present a challenge for gaining entry to certain locations, although that is again not related to HIPAA. 


Keep in mind the exception to these policies, that any person who does not take medicines or get vaccinations because of religious beliefs or disabilities would have certain protections under The Civil Rights Act of 1964.  

More information about this article and the legality of these requirements can be found in this report.

Compliance Managment Full Hexagon logo

Expert compliance support, on-demand

Accountable Compliance Success Managers are dedicated to making sure your company is fully compliant as we guide you step-by-step through the process of achieving HIPAA compliance.
Expert guidance
Build trust
Dedicated Compliance Success Managers
HIPAA Training
Decrease risk
Close more deals