My Interpretation of the HIPAA privacy rule:
HIPAA privacy rules do not prohibit people and organizations from asking for vaccine status, if they are not a "Covered Entity"
"Covered entities" cannot provide medical information to entities not covered by HIPAA privacy rules. (Exceptions might be in HIPAA regulations.)
For entities not covered by HIPAA privacy rules, state and local laws may restrict what can be done with vaccine status information.
Health Insurance Portability and Accountability Act of 1996
https://aspe.hhs.gov/reports/health-insurance-portability-accountability-act-1996
Privacy and Security Information
https://www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/HIPAA-ACA/PrivacyandSecurityInformation
The HIPAA Privacy Rule
https://www.hhs.gov/hipaa/for-professionals/privacy/index.html
Covered Entities
https://www.hhs.gov/hipaa/for-professionals/faq/covered-entities/index.html
Are You a Covered Entity?
https://www.cms.gov/Regulations-and-Guidance/Administrative-Simplification/HIPAA-ACA/AreYouaCoveredEntity
HIPAA Privacy Rule discussion in the media
https://en.wikipedia.org/wiki/Health_Insurance_Portability_and_Accountability_Act#Privacy_Rule
How the HIPAA Law Works and Why People Get It Wrong
https://www.nytimes.com/article/hipaa-law.html
Explaining HIPAA: No, it doesn’t ban questions about your vaccination status
https://www.washingtonpost.com/lifestyle/wellness/hipaa-vaccine-covid-privacy-violation/2021/05/22/f5f145ec-b9ad-11eb-a6b1-81296da0339b_story.html
Lawmaker Marjorie Taylor Greene, in Ten Words or Less, Gets HIPAA All Wrong
https://lawandcrime.com/legal-analysis/lawmaker-marjorie-taylor-greene-in-ten-words-or-less-gets-hipaa-all-wrong/
