HIPAA 2013-Immunization Record-Agreement Instead of Authorization.

HIPAA 2013-Immunization Records Flow

Kids hate shots!  Is there anyone out there who enjoys them?

Yet, we recognize that immunizations are vital to public health because they prevent communicable disease.

As anyone with children in school knows, kids must be up-to-date on immunizations to enter school.  In this way, schools protect public health.

It’s also good public policy that barriers to kids being in school are minimized.

In this way HIPAA 2013 furthers those public policies by “loosening up” on authorization requirements for release of immunization records to schools.

Pre-HIPAA 2013, Release of Immunization Records Generally Required Authorization

Typically, schools ensure compliance with immunization requirements by requesting the immunization records from parents rather than directly from a health care provider.  However, where a covered health care provider is
requested to send the immunization records directly to a school, the Privacy Rule generally required written authorization by the child’s parent before a covered health care provider may do so.

This created an extra layer of difficulty for schools, doctors, clinics, parents and students.

HIPAA 2013 Goes from “Authorization” to “Agreement”

However,  in HIPAA 2013,  Section 164.512(b)(1) adds some language that permits a health care provider to give proof of immunization to the school if the provider gets and documents agreement from the parent or guardian of the child.

The rule does not micromanage how the agreement is documented.  It leaves to the provider whether they will simply make a note in the child’s chart, print out an e-mail request from the parent, or document some other way.  However, the agreement must be an affirmative assent or request by a parent, guardian, or other person acting in loco parentis contacting a child’s health care provider to request proof of immunization be sent to the child’s school.

It’s important to point out that the agreement described here is not the same as a HIPAA-compliant authorization.  Providers are still free to use a HIPAA-compliant authorization, but in situations where that is not practical or expedient, the addition of the “agreement” eliminates the need for it.

Another thing to keep in mind is that the rule points out that he protected health information that is disclosed by “agreement” is limited to proof of immunization.

HIPAA 2013 Advances Easier Transmission of Immunization Information.

You can take a look at the rule here.

Please subscribe to my HIPAA and Health law updates and come back soon!


Leave a Reply