HIPAA is used to protect sensitive medical information but only applies to how physicians, hospitals and health insurers share a patient’s information with third-party entities, according to a report by The Washington Post.
A vaccine card would qualify as protected health information, but an airline is not a healthcare provider. HIPAA also doesn’t protect medical information that a patient shares about themselves.
An airline still has to follow state privacy and identity theft policies.
“Once they get the data, they have to protect it,” Jeff Drummond, a healthcare regulatory lawyer who has been working with HIPAA for nearly 20 years, told Dallas-based WFAA. “They have to notify you if there’s a breach, but other than that, that’s the end of their obligation under either HIPAA or Texas state law.”
“Just because you carry around some health information with you in the form of your vaccine card, that information doesn’t bring all the HIPAA protections with it,” Erin Fuse Brown, a law professor at Georgia State University in Atlanta, told WFAA.
More articles on cybersecurity:
More than 1 million affected by data breaches in March
Humana employee identities being used to file fraudulent unemployment claims
FBI warns of Mamba ransomware campaign: 10 tips to protect your hospital
