Stand up for the facts!
Our only agenda is to publish the truth so you can be an informed participant in democracy.
We need your help.
I would like to contribute
North Carolina Lt. Governor wrong about HIPAA
If Your Time is short
- North Carolina Lt. Gov. Mark Robinson, a Republican, is a vocal critic of coronavirus vaccines.
- In a Facebook post, he said the Biden administration's door-to-door efforts to promote vaccines violate HIPAA laws.
- Experts say Robinson misunderstands what HIPAA actually does.
North Carolina’s lieutenant governor is speaking out against the federal government’s effort to promote COVID-19 vaccines.
After Joe Biden’s administration fell short of its goal to vaccinate 70% of Americans by July Fourth, the President announced plans to send advocates "door-to-door" in certain communities.
Some Republicans are pushing back on the door-knocking idea, with North Carolina Lt. Governor Mark Robinson saying it’s an invasion of privacy.
"There have been many reports of officials making door-to-door visits to encourage people to get vaccinated. I still contest that those who wish to be vaccinated should have every opportunity to be," Robinson said in a July 9 Facebook post.
"However, showing up at the front doors of people’s houses and violating HIPAA laws by requesting private medical information regarding their vaccination status is unacceptable and illegal. We must allow citizens to make decisions of their own free will, and not coerce them into getting the vaccine," he said.
Is Robinson right? Is it against the law for officials to ask about someone’s vaccination status?
First, it’s worth noting that the people going door-to-door are not federal government employees.
"They are not members of the government. They are not federal government employees. They are volunteers. They are clergy. They are trusted voices in communities who are playing this role and door knocking," White House spokeswoman Jen Psaki said in a July 8 press briefing.
And no, experts say they would not be breaking HIPAA laws by asking about someone’s vaccination status.
HIPAA stands for the Health Insurance Portability and Accountability Act of 1996, and critics of masks and vaccinations have argued it protects them from questions about their healthcare decisions.
However, multiple experts have told PolitiFact and other fact checkers that those critics misunderstand the law.
The law’s "Privacy Rule" established a set of national standards to address how health care providers, insurers and other entities use and share people’s health information. The U.S. Centers for Disease Control and Prevention says the law is designed to prevent those companies and groups from disclosing a patient’s private health information without that person’s permission.
PolitiFact previously reported that HIPAA does not prevent businesses from asking if a customer is vaccinated.
Featured Fact-check
PolitiFact North Carolina asked experts if a government volunteer would violate the law if they were "requesting private medical information," as feared by Robinson. They all said no.
Jodi Daniel, a partner in Crowell & Moring's Health Care Group in Washington, D.C., helped draft the first iteration of HIPAA. She says the HIPAA privacy rules only apply to certain types of entities.
"These entities are most healthcare providers, health plans, and healthcare clearinghouses," Daniel wrote in an email to PolitiFact NC."HIPAA addresses what an entity that holds individually identifiable health information can and cannot do with that information. There is nothing in HIPAA that prohibits the requesting of health information from an individual."
Kirk Nahra, a partner with WilmerHale in Washington, D.C., and an expert in privacy law, wrote about HIPAA last month for the International Association of Privacy Professionals. He responded to Robinson’s claim in an email to PolitiFact NC.
"If the mayor’s office, or the governor’s office, or the president’s office sends people out to ask, there is no possible HIPAA violation," Nahra said. "The HIPAA rules – even where they would apply – would restrict the doctor from disclosing your medical data, but doesn’t by itself prohibit anyone from asking you for information."
Lawrence Gostin, faculty director of the O'Neill Institute for National and Global Health Law at Georgetown Law, also saw no truth to Robinson’s claim.
"First, the person ‘knocking the door’ isn't a health care provider who has access to your records," Gostin told PolitiFact NC in an email. "Second, the individual (who is answering the door) has a choice whether to disclose his or her vaccination status. Thus, it is entirely wrong to suggest any violation of privacy."
We specifically asked: Is there any scenario where a government representative would violate the law by requesting – but not demanding — health information?
Thomas Miller, senior fellow studying healthcare at the right-leaning American Enterprise Institute, said no. He noted that the federal government already has "broader public health protection powers (and emergency powers) that extend beyond the limits of HIPAA on ‘covered entities.’"
"It further can take reasonable steps to protect the rest of the public from public health risks posed by others. But it cannot make someone answer if they chose not to do so (although there may be some related consequential responses)," Miller wrote in an email to PolitiFact NC.
"Hypothetically, a federal government agency still ‘could’ do something else incredibly stupid and actionable, but there’s no sign of that happening thus far and no reasonable future likelihood of the imaginary becoming real. We have more serious issues to address well before engaging in that sort of idle speculation."
We emailed Robinson’s staff about his Facebook post, but never received a response.
Robinson said it would be "illegal" for government officials to show up at peoples’ doors "requesting private medical information."
An academic, a privacy law attorney, a former government employee who helped draft HIPAA, and a policy expert at a right-leaning think tank say Robinson’s claim is inaccurate.
It is not a HIPAA violation to ask someone if they’re vaccinated. And HIPAA does not prevent someone from answering the question. We rate Robinson’s post False.
Our Sources
Facebook post by North Carolina Lt. Governor Mark Robinson on July 9, 2021.
Transcript from White House spokeswoman Jen Psaki’s press briefing on July 8, 2021.
Story by the Washington Post, "Vaccines door-to-door: Immunization push goes granular as delta variant looms," posted July 7, 2021.
Story by Forbes, "Governors of two undervaccinated states say no to Biden’s door-to-door vaccine push," posted July 9, 2021.
Story by PolitiFact, "No, HIPAA doesn’t prohibit businesses from asking about your vaccination status," posted May 21, 2021.
Story by USA Today, "Fact check: Businesses can legally ask if patrons have been vaccinated. HIPAA does not apply," posted May 19, 2021.
Story by the Associated Press, "Federal law allows businesses to ask for proof of vaccination," posted May 21, 2021.
Story by Snopes, "Under HIPAA Rules, can businesses ask if you have been vaccinated against COVID-19?" posted May 20, 2021.
Article on IAPP.com, "A public service announcement about the HIPAA Privacy Rule," posted June 18, 2021.
Email exchange with Jodi Daniel, a partner in Crowell & Moring's Health Care Group in Washington, D.C.
Email exchange with Kirk Nahra, a partner with WilmerHale in Washington, D.C.
Email exchange with Lawrence Gostin, faculty director of the O'Neill Institute for National and Global Health Law at Georgetown Law.
Email exchange with Thomas Miller, senior fellow studying healthcare at the American Enterprise Institute.
Browse the Truth-O-Meter
More by Paul Specht
North Carolina Lt. Governor wrong about HIPAA
Support independent fact-checking.
Become a member!
In a world of wild talk and fake news, help us stand up for the facts.