COVID-19 Mask Mandates and the Intent of HIPAA Law
By Lisa Boston– Associate Vice President, Compliance, QHR Health
Due to the upsurge of COVID-19 cases, many states have now mandated the wearing of masks in public. Unfortunately, Americans have started a practice of “mask shaming”, by berating others publicly for wearing, or not wearing, a mask. The questioning of someone for their use of a mask has many wondering if this may be an invasion of privacy. The desire for personal privacy has inaccurately identified approaching someone about their use of a mask as a violation of HIPAA. However, this identification is not true and we should remind our community of the intent of the HIPAA law.
- HIPAA only apples to health care covered entities who conduct transactions electronically.
- Covered entities are health care providers, health care insurers, and health care clearinghouses.
- Covered entities may not disclose protected health information received from a patient or claim unless it is permitted under HIPAA, or specific permission has been granted.
- A business owner can inquire why a person is not wearing a mask and it is not a HIPAA violation. A person telling another person the reason why they are not wearing a mask is also not a HIPAA violation.
- For example, a hardware store owner posts a notice that all patrons must wear a mask while in the store. If a patron chooses not to wear a mask, the owner may question the patron. The patron sharing the medical reason why they cannot wear a mask is not a violation of HIPAA. The hardware store is not a HIPAA covered entity that transmits transactions electronically. Similarly, another patron overhearing the reason why the patron cannot wear a mask is not a HIPAA violation.
- The solution to the problem may be the simple consideration of personal privacy. The patron can state they have a valid reason to not wear the mask; and they are not required to elaborate. The store owner can accept the answer, or elect to press the issue and ask the patron to leave if the patron does not comply with the store’s policy.