Serving Southeast Michigan For Over 30 Years.

Is it a HIPAA violation to ask about the COVID-19 vaccine?

The pandemic has drummed up many questions surrounding the Health Insurance Portability and Accountability Act (HIPAA), including what it is and who it applies to. In particular, a number of employers have wondered if it is a HIPAA violation to ask about the COVID-19 vaccine?

What is HIPAA?

HIPAA (not to be confused with the commonly misspelled “HIPPA”) established a national platform of consumer privacy protection and marketplace reform. Some key provisions include insurance reforms, privacy and security, administrative simplification, and cost savings.

To implement HIPAA, the U.S. Department of Health and Human Services (HHS) issued the “Standards for Privacy of Individually Identifiable Health Information” which established a set of national standards to address the use and disclosure of individuals’ health information – called “protected health information (PHI) – by organizations subject to the Privacy Rule – called “covered entities” – as well as standards for individuals’ privacy rights to understand and control how their health information is used.

Covered entities

HIPAA defines covered entities to include healthcare providers (physicians, psychologists, dentists, chiropractors, pharmacies, hospitals, diagnostic and treatment centers, federally qualified healthcare centers). Health plans, including health insurance companies, HMOs, company health plans, and government plans such as Medicare and Medicaid are also covered entities. Healthcare clearinghouses – entities that process nonstandard health information that they receive from another entity – are considered covered entities as well.

Unless permitted by HIPAA, covered entities may not disclose PHI. However, HIPAA allows covered entities to disclose positive test results for COVID-19 to local health departments, the CDC, or HHS.

Is it a HIPAA violation to ask for proof of vaccine status?

In general, HIPAA rules do not apply to employers or employment records. HIPAA only applies to HIPAA-covered entities – healthcare providers, health plans, and healthcare clearinghouses – and, to some extent, to their business associates.

Therefore, it is not a HIPAA violation for most employers to ask employees if they’ve received the COVID-19 vaccination.

Help is available

Employers, government entities, or individuals with questions regarding HIPAA may contact the attorneys at O’Reilly Rancilio by calling 586-726-1000 or by visiting

Categories: Business

For More Information

  • This field is for validation purposes and should be left unchanged.

Press Room

Congratulations to O’Reilly Rancilio founding member, attorney John Nitz, on receiving Distinguished Volunteer recognition from Advancing Macomb. Mr. Nitz is a fou… Read More
Attorney Sean M. Colonna has joined O’Reilly Rancilio P.C. as an associate in the firm’s estate planning, business law, and litigation and disputes practice area… Read More
Read More From Our Press Room


The U.S. Equal Employment Opportunity Commission (EEOC) recently posted updated and expanded technical assistance related to the COVID-19 pandemic, addressing questi… Read More
Business owners want to know where you shop, what products you like, what you may want to buy in the future, and much more. Data brokers are companies that utilize t… Read More
Read More From Our Blog