On August 20, 2021, Juliana Reno was quoted in USA Today on whether the Health Insurance Portability and Accountability Act (HIPAA) prevents individuals from sharing their COVID-19 vaccination status.
According to the article, the privacy portion of HIPAA, which went into effect in 2003, states that an insurance company, doctor, or pharmacy can use medical information about a patient only to treat that patient. They can't sell it to someone else or use it for marketing. Some people have cited this law as a reason not to say whether they’ve had COVID-19 or are vaccinated.
The privacy portion applies only to what are known as "covered entities," generally healthcare plans and providers. An insurance company can't collect medical information and then turn around and sell it to a life insurance company. A doctor's office can't sell information about its patients and the drugs they take to pharmaceutical companies.
The law has done a good job protecting against such patient privacy breaches, experts say. Individuals, however, have total control over their own information and always have. "There's nothing that says an individual can't walk out onto a roadway and yell out, 'I have AIDS' or 'I'm vaccinated,'" said Reno.