Are the Vaccine Cards That You Are Now Collecting Subject to HIPAA?

COVID rules are confusing and ever-changing.  The CDC changes its mind so frequently on who and how to quarantine that the rules may change twice during your quarantine period and we are still waiting (as of the moment I am writing this at least) to see whether the Supreme Court is going to uphold the law on vaccine mandates (you can learn more about that here).  However, there is one constant as it relates to COVID and that is HIPAA.  Over the course of the pandemic, we have received inquiries of many kinds relating to whether certain information relating to someone having COVID, being exposed to COVID or being vaccinated is protected by HIPAA.  Regardless of the nature of the question, the answer remains the same – NO!

Information that you collect on the health of your employees is not subject to HIPAA.   Proof of vaccination status is no different.  We know this is confusing because a vaccination record is absolutely individual health care information.   However, it is not protected by HIPAA because you are collecting it as the employer (opposed to the health care provider who gave the vaccine or the group health plan that paid for the vaccine).

In general, employers are not subject to HIPAA.  To be a covered entity under HIPAA, the entity must be a health care provider, a health care clearinghouse or a group health plan.  So while employers that sponsor self-insured group health plans are subject to HIPAA, the actual employer is not subject to HIPAA.  Therefore, when you as an employer collect a vaccination card, that card is not protected by HIPAA.  Now that doesn’t mean that you can post those cards on the bulletin board in the break room or store them in a public place on your intranet.  They are still confidential medical records protected by other state and federal laws and should be stored in the employees’ confidential medical personnel file and should only be shared with those that have a need to know the information.

If you have questions about HIPAA or how to navigate COVID and the ever-changing rules, please contact any member of the Graydon Employee Benefits team.


Search this Blog

Media Contact

Recent Posts

Jump to Page

Necessary Cookies

Necessary cookies enable core functionality such as security, network management, and accessibility. You may disable these by changing your browser settings, but this may affect how the website functions.

Analytical Cookies

Analytical cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.