Even before the advent of social media and the ease of the rapid spread of health misinformation, the HIPAA privacy law has often been the subject of misinterpretation, The New York Times reported July 23.
"I often joke that even though it is five letters, HIPAA is treated as a four-letter word," I. Glenn Cohen, a bioethics and health law expert at Harvard University, told the Times. He said that physicians, too, have often used it as a reason not "to do something they don’t want to do, like providing a patient certain information by saying — perhaps believing it but being incorrect — 'well, that would be a HIPAA violation.'"
Then-President Bill Clinton signed HIPAA into law in 1996; one aspect of the law prevents certain people and organizations, including healthcare providers, insurers and health data clearinghouses, from sharing a patient's medical records without their explicit consent. However, the law is extremely "narrow," Mr. Cohen said.
"Whenever anyone says to you 'HIPAA prohibits that,' ask them to point to the portion of the statute or regulation that prohibits it. They often won’t be able to do so," he said.
Nothing in HIPAA prevents asking about someone's health, such as vaccination status, but some have turned to the law as a way to deflect questions. In July, Mark Robinson, lieutenant governor of North Carolina, falsely claimed on Facebook that President Joe Biden's door-to-door campaign to encourage COVID-19 vaccination and asking people whether they had gotten the vaccine was illegal under HIPAA, according to the report.
"The HIPAA laws are real and they do something important," said Tara Kirk Sell, a health security assistant professor at Johns Hopkins University, according to the report. "The misinterpretation of what it’s all about just adds to this firestorm of anti-vaccine sentiment."