Yes, in a general sense. But HIPAA is a law that only applies to health care entities; therefore, a technology provider like Kokomo24/7 is not legally allowed to say it's HIPAA compliant
HIPAA is a law that only applies to health care entities, therefore, a technology provider like Kokomo24/7 is not legally allowed to say it's HIPAA compliant. We simply cannot state that and anyone saying that they are and not being a healthcare entity is inaccurately representing themselves.
However, it is running on a platform that is HIPAA-compliant and SOC-2 certified environment, i.e. AWS. On top of that, our solution is above and beyond conforming to the industry standard of design and security measures set by HIPAA and ISO 270001. We can provide various documentation including security controls that meets and beyond the HIPAA guideline in place, architecture diagrams, and designs to all of our clients upon request.
CDC in Education (FERPA):
Q: Can health care providers, daycare operators, Head Start, and school officials share immunization information with another provider or school to update missing immunization history or bring children into compliance with daycare, Head Start, and school requirements?
A: Health care providers (or other covered entities) may share immunization information with other health care providers as needed to make treatment decisions, such as to give further immunizations. Providers may also disclose immunization information to schools, without authorization, if permitted or required by State law. These State laws would not be preempted by the Privacy Rule. (45 CFR 160.203(c)). In the absence of such a state law, it appears that such disclosures to schools will require individual authorization. Immunization records held by daycare centers and schools are not protected health information under the Privacy Rule. Disclosures of immunization information by schools are covered by the Family Educational Rights and Privacy Act (FERPA). (45 CFR 164.501).
Vaccine Passport and HIPAA:
With states starting to issue vaccine passports, proving that a resident has been vaccinated against COVID, many have been asking, is this a HIPAA violation? To provide guidance, immunization passports and HIPAA implications are discussed.
Do Vaccine Passports Violate HIPAA?
There has been a lot of debate as to whether or not businesses would be in violation of HIPAA by requiring customers to provide proof of vaccination to receive service. The quick answer is, no this is not a HIPAA violation. This is because of two reasons; HIPAA only applies to healthcare organizations and patients would be self-disclosing their status…
Does a vaccine passport violate HIPAA?:
… a vaccine card would qualify as protected health information, but an airline is not a healthcare provider. HIPAA also does not protect medical information that a patient shares about themselves.
The misconception of HIPAA:
One of the things that have been mentioned in both the vaccine controversy and in resistance to mask mandates is HIPAA. That’s the acronym for a 1996 federal law that includes a medical privacy provision that went into effect in 2003. HIPAA is one of the most misunderstood health laws in the country, says Spector-Bagdady, who has studied medical privacy extensively. “Very few people actually understand what it means. They think it provides comprehensive privacy protections for health information in all circumstances, which it simply does not,” she explains. “HIPAA only governs certain kinds of entities – your clinician, hospital, or others in the health care sphere. It does not apply to the average person or to a business outside health care. It doesn’t give someone personal protection against ever having to disclose their health information.”