Health Data Privacy in the Age of the COVID Pandemic
By: Natalie Cheng
As an increasing number of people receive vaccines and health care is delivered virtually through telemedicine, one topic that has come up numerous times is data privacy. People want to know if their personal information is safe, if it will be used or sold elsewhere, etc. There are already rules and regulations in place to protect health information in the form of HIPAA. The Health Insurance Portability and Accountability Act is a federal law that was created to protect patient information from being disclosed without the patient’s consent or knowledge.
In March 2020, new federal rules were released that would allow patients to put their medical records on smartphones. These rules will give patients more control over their health records and a greater say in health care decisions. According to KHN, the rules will “put an end to a long-standing practice in which some doctors and hospitals resist handing complete medical files over to patients upon demand. Many of the provisions are set to take effect in 2022.” Concerns over privacy have been raised as technology companies open new markets for providing patient medical information through mobile apps. People don’t want their data sold or used without their authorization. Officials have noted that they would require developers to attest to plans to protect the security and use of medical data.
In terms of the vaccine, there have been some areas of concern for data privacy including vaccine registration and reporting and vaccine passports.
When it comes to registering for a vaccine and entering in your personal health information, the organizations or vaccine administrators must follow HIPAA rules and regulations. According to Bloomberg Law, “the CDC says it needs personally identifiable data to monitor vaccine uptake and allow healthcare providers to verify the proper administration of doses. Health information from states—including which vaccine was administered and where it was given—populates several CDC datasets used to track and coordinate vaccinations. Much of the data is stripped of personal identifiers pursuant to federal privacy laws.” The pandemic has certainly pushed the topic of tracking vaccinations to the forefront of conversation and concern. According to Shannon Hartsfield, a health attorney, “There are ways to share key data points that allow authorities to work to protect public health while still protecting privacy.”
When it comes to vaccine passports, there’s been differing opinions on this information. According to Becker’s, many are concerned that a vaccine passport would violate HIPAA protections. Healthcare organizations must already comply with HIPAA standards, but what happens when vaccine passports are used for travel? Organizations outside of physicians, hospitals, and health insurers must follow state privacy and identify theft policies. According to Jeff Drummond, a healthcare regulatory lawyer, “once they get the data, they have to protect it. They have to notify you if there’s a breach, but other than that, that’s the end of their obligation under either HIPAA or Texas state law.” Unfortunately, carrying around a vaccine card that has health information on it won’t bring all the HIPAA protections with it.
As with anything, people must make sure that they are taking precautions to keep their own data safe as well and acknowledge the fact that some key information needs to be shared with authorities in order to protect public health during this pandemic.
Are you an organization looking for a vaccine management solution that is HIPAA compliant and has hospital grade data security? Innoculate is our HIPAA compliant secure vaccine management solution that is currently being used across the United States. Reach out to us for a quick demo of our Innoculate vaccine management solution to see how to streamline your operation and decrease burden on your team.