Whatever your opinion is of wearing, or not wearing a mask, there are in increasing number of mandates being put in place by governments or independent establishments in an effort to mitigate the spread of COVID-19. This mask mandate means that most people over a certain age need to have their face covered, including their nose and mouth.
As a business owner or simply a concerned citizen, you will encounter people who object to wearing the mask and may not have one on. Your first inclination may be to scowl at them for not following the rules, or if you are in a position to do so, demand that they wear one while in your establishment. Does the non-wearer have to tell you why they do not have a mask on? Does HIPAA protect them from having to answer you – or does it prevent you from being allowed to ask the question in the first place?
According to this article, Louisiana attorney Stephen Sullivan said that HIPAA covers protected health information that is in the possession of a healthcare provider. This includes licensed practitioners. The PHI that is in their possession as a result of the paid health care that they provide, is the information that is required by HIPAA to be protected. Therefore, a general business owner would not fall under HIPAA jurisdiction. Sullivan states “Accordingly, HIPAA nor any other law prevents a premises owner from asking reasonable questions about a customer’s health condition in order to keep his staff and others safe.”
Civil Rights – Right?
The Civil Rights Act of 1964 was what ended segregation in public places and also banned employment discrimination on the basis of race, color, religion, sex, or national origin. And some people are claiming it is their civil right to not wear a mask. This is not accurate either according to Sullivan who states “There is no civil right to do as you chose, if by doing so you present a risk of harm which infringes on the rights of others”…he continues to say “The Civil Rights Act prevents discrimination based on race, religion, sex and national origin. There is no protection for legitimate discrimination by business owners against customers who for health or any other reason will not mask.”
This article was originally published on HIPAA Secure Now! and is republished here with permission. HIPAA Secure Now offers annual online subscriptions to help covered entities and business associates keep up with compliance. Learn more here.
HIPAA Secure Now! now offers PHIshMD training for CEs and BAs to help protect your organization from security threats.
Technology safeguards put a virtual wall around your network, but what happens when the bad actors climb over that wall? It’s up to your employees. Over 90% of breaches get caused by human error according to Kaspersky Lab, and if you’re not educating users HOW to protect your organization in this ever-changing threat landscape, your organization could be next. LEARN MORE