Finding common ground between HIPAA and the COVID-19 vaccine

Doctors and scientists agree that the COVID-19 vaccine is critical in helping the world move past the pandemic. As countries around the world roll out vaccine programs to the public, governments and vaccine providers need to address a variety of administrative challenges: maintaining patient privacy, managing vaccine distribution schedules, and ensuring access for people of all ages.

While it’s important to develop an efficient vaccine program, medical professionals also need to ensure the security and privacy of protected health information (PHI). In the United States, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) set specific rules for reforming the industry, protecting patients’ privacy, and watching out for each individual’s needs.

Industry changes affecting HIPAA and the COVID-19 vaccine

As with other medical services and care, the new vaccine program requires a delicate balance between supporting public health activities and protecting patient information. Keeping patient information private is always a top priority, and providers need to do what they can to make that happen in the current circumstances.

Here are a few of the ways COVID-19 has impacted HIPAA privacy:

  • Relaxed HIPAA enforcement. Even though HIPAA regulations are still in place, the U.S. Department of Health and Human Services (HHS) has chosen to relax the enforcement of HIPAA, leaving healthcare providers to act in good faith.
  • More digital interactions. Social distancing makes it more difficult for patients and doctors to meet for face-to-face conversations. As a result, medical providers are offering alternative options, such as videoconferencing and written consultations. This increase in digital interactions has created more potential for privacy concerns. For example, some medical providers started using telemedicine tools before having a business associate agreement (BAA) in place.
  • Information sharing with public health authorities. Even though HIPAA requires patient authorization before medical providers can share PHI, these rules change in a public health emergency. Healthcare providers can offer patient information to health departments or the Centers for Disease Control (CDC) without violating HIPAA rules.
  • Increased data sharing. Data sharing, such as via national and worldwide databases, is vital for tracking the spread of the virus, but there are many unknowns about this data sharing, such as whether sharing PHI could lead to HIPAA violations.

While HIPAA applies to covered entities — such as doctors, insurance companies, and medical providers — many providers are concerned about having health conversations with the family and friends of patients. There may be cases where a patient isn’t able to provide consent for the medical provider to disclose information to their family or friends.

Vaccine passports and HIPAA protections

There are other unique challenges that come with the introduction of COVID-19 vaccines. Organizations and businesses are working to maintain the safety of their employees and customers, and many wonder whether knowing who has been vaccinated would be helpful. There’s a lot of discussion about using a vaccine passport as a way for people to prove their vaccination status so they can participate in certain activities.

Of course, there are questions about whether non-medical businesses can require customers to show these cards to access services. The personal information and treatment details included on a vaccine card or passport would be classified as PHI.

HIPAA protects against someone obtaining a person’s PHI without their consent, but people can voluntarily share their medical information. So it’s up to each patient to determine whether or not they’ll disclose information to businesses outside of the medical industry.

HIPAA-friendly solutions for vaccine management

The increased sense of urgency created by the vaccination process may cause people to overlook certain aspects of HIPAA, but everyone is still required to comply with HIPAA rules to protect patient information.

Jotform provides a variety of HIPAA-friendly tools that help medical providers and pharmacies administer the vaccine. Whether you need to collect information from patients or set up and manage their appointments, there’s a form template to fit your needs.

Here’s an overview of some of the forms you can use to manage vaccine administration and patient privacy:

If you’re a medical provider or any other entity managing PHI, you can rest assured that Jotform’s form templates provide a safe, secure way to collect information. (Please note that you must have a Gold, or Enterprise plan to enable features that help with HIPAA compliance.)

Plus, Jotform Tables gives you the ability to analyze and evaluate that information. You can choose from a variety of HIPAA-friendly tools to support workflows and other everyday tasks in your practice and make it easier to protect your patients’ privacy.

AUTHOR
Jotform's Editorial Team is a group of dedicated professionals committed to providing valuable insights and practical tips to Jotform blog readers. Our team's expertise spans a wide range of topics, from industry-specific subjects like managing summer camps and educational institutions to essential skills in surveys, data collection methods, and document management. We also provide curated recommendations on the best software tools and resources to help streamline your workflow.

Send Comment:

Jotform Avatar
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Podo Comment Be the first to comment.