Huge HIPAA implications for new OSHA vaccination mandates.

    • #453368
      jbnw
      Participant
      • Total Posts: 6,439

      RT has the story at https://www.rt.com/usa/539376-biden-vaccine-mandate-lawsuit/ , and the link to the draft in the Code of Federal Regulations at https://public-inspection.federalregister.gov/2021-23643.pdf .

      According to a draft entry in the Federal Register, all firms with more than 100 employees – no matter how many locations these employees are spread across – will be required from January 4 to ensure that these employees are “fully vaccinated” against Covid-19. Employers will be asked to keep vaccination records for their staff, and workers who refuse the jab will be required to submit to regular testing and wear face masks to work in most cases.

      Penalties for employers refusing to enforce the mandate start at around $14,000 per violation, and increase to around $136,000 for further willful breaches. Federal inspectors will check businesses for compliance.

      However, the agency has given no indication that it will stop at large corporations, and wrote that it “needs additional time to assess the capacity of smaller employers” to comply with the rules. To that end, the agency is calling for recommendations when it comes to making the temporary mandate permanent, for expanding it to all sectors of the workforce, and for implementing mask rules even for vaccinated employees.

      As I used to teach Healthcare Privacy and Security at a medical school, the sentence “Employers will be asked to keep vaccination records for their staff” drew my attention, as it’s PHI (protected health information) with onerous requirements. I went to the draft in the Federal Register – it says the same thing in VI.E.

      “As discussed more fully below, maintenance of records in accordance with this paragraph is subject to applicable legal requirements for confidentiality of medical information.”

      Protecting PHI, and the cost of leaks for PHI, can have huge fines, and is very public. Take a look at the Health & Human Services breach list, colloquially known as the Wall of Shame at https://ocrportal.hhs.gov/ocr/breach/breach_report.jsf .

      Good luck, businesses. Not only are you now the vaccine police and subject to penalties for not tracking vaccinations, but you are also subject to HHS fines if that information is leaked, just like any healthcare system. Even to just one person. Even if someone looks at another person’s record.

      HIPAA and related laws have massive requirements.

    • #453370
      NV Wino
      Moderator
      • Total Posts: 8,471

      “As we act, let us not become the evil that we deplore.” Barbara Lee
      “Politicians and pro athletes: The only people who still get paid when they lose.” William Rivers Pitt

    • #453451
      retired liberal
      Participant
      • Total Posts: 4,452

      About masks and encouraging their use by everyone. Also telling us the truth about the differences of three different vaccines from the get-go and kept people up to date with new information, as it came available.

      We are an arrogant species, believing our fantasy based "facts" are better than the other person's fake facts.
      The older we get, the less "Life in Prison" is a deterrent.
      Always wear a proper mask when out and about. The life you save could be both yours and mine.
      Don't forget that the S in IoT stands for Security.

    • #453473
      kelly
      Participant
      • Total Posts: 389
    • #453491
      salemcourt
      Participant
      • Total Posts: 3,075

      It depends on how much Pharma is willing to pay the democrats if they will stick to this plan.  It is an insane and wholly unnecessary plan.

    • #453503
      HassleCat
      Participant
      • Total Posts: 7,868

      Pass a law that says privacy of health information is absolute, then enact a regulation that says “not so much, sucker.” HIPAA has been valuable in preventing employers from knowing what ailments and conditions their employees might have. I know from personal experience that some employers want to get rid of employees who have certain health issues, or any health issues, for that matter. I don’t see how vax mandates can succeed. It would be far better to offer a $500 or $1,000 reward to anyone who gets vaxxed.

    • #453524
      Bernie Boomer
      Participant
      • Total Posts: 570

      Nevada decided that state employees (I work in higher ed) have to have vaccination. Then they decided that asking us to show our vaccine card was too onerous . . . so they gave the institutions access to the state health department database; if for some reason, you aren’t in that database, you have until the end of this month to pony up proof (or do the weekly test thing). They get around HIPAA because (I think) it’s government agency to government agency. Still massively annoying, because I don’t think the HR department at my institution has the collective brain power of a sand flea.

      • #453559
        jbnw
        Participant
        • Total Posts: 6,439

        That makes them business entities, in HIPAA parlance. I hope they are prepared for the required HIPAA regulations – but as sand fleas, I doubt it.

        • #453563
          Bernie Boomer
          Participant
          • Total Posts: 570

          It doesn’t seem right to me, but when I brought it up I was informed (with suitable serious face and tone) that they were ONLY capturing the Covid vax data. Now that is total BS, of course, but I can’t prove they have my entire vaccine record without a struggle that I’m not prepared to undertake without financial backing.
          Nevada gets away with a lot of stuff with its state employees, being right-to-work.
          How it’s going to work in the private sector? That is the question.

          • #453564
            jbnw
            Participant
            • Total Posts: 6,439

            From the Code of Federal Regulations ( https://www.ecfr.gov/current/title-45/subtitle-A/subchapter-C/part-160 )

            Health information means any information, including genetic information, whether oral or recorded in any form or medium, that:

            (1) Is created or received by a health care provider, health plan, public health authority, employer, life insurer, school or university, or health care clearinghouse; and

            (2) Relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual.

            And one small correction – it makes them a business associate, defined as

            (i) On behalf of such covered entity or of an organized health care arrangement (as defined in this section) in which the covered entity participates, but other than in the capacity of a member of the workforce of such covered entity or arrangement, creates, receives, maintains, or transmits protected health information for a function or activity regulated by this subchapter, including claims processing or administration, data analysis, processing or administration, utilization review, quality assurance, patient safety activities listed at 42 CFR 3.20, billing, benefit management, practice management, and repricing; or

            as they are receiving protected health information.

            Good luck to the sand fleas when ANY of that leaks. Or is accessed. Or when someone asks to see the record of who has accessed their information (all covered by HIPAA and HITECH laws and regulations).

          • #453566
            jbnw
            Participant
            • Total Posts: 6,439

            It’s a 400 or so page regulation to digest, and “As discussed more fully below, maintenance of records in accordance with this paragraph is subject to applicable legal requirements for confidentiality of medical information.” is just one line, though there is another section I need to read.

            Hmm – it’s going to be a good business for some consultants. Not good for businesses, but it’ll be interesting to see how it goes as they are forced to collect and protect PHI . . .


            @bernieboomer

            • #457171
              Bernie Boomer
              Participant
              • Total Posts: 570

              People (like you) who know the regulation are going to be – at least they should be – much in demand.

              I may wait a few months and then ask to see who has accessed my data. I bet I have to quote chapter and verse to get the information.

              • #457174
                jbnw
                Participant
                • Total Posts: 6,439

                I believe that part is in the HITECH act – and if they didn’t know of and prepare for it, they won’t be able to do it.

                • #457560
                  Bernie Boomer
                  Participant
                  • Total Posts: 570

                  and move to belligerent denials for things they aren’t supposed to do – or should have done, but didn’t.
                  It’s how they roll.

                  December 1st will be interesting; the higher ed system has an employee mandate and that date is the last day to prove vaccination (or valid reason for not getting it). Termination follows non-compliance.
