As September lures people back to the office and the highly contagious Delta variant of the coronavirus spreads rapidly across the country, workplaces face a number of challenges, including having to vaccinate employees or reimposing mask requirements.

Some, including Georgia Republican Rep. Marjorie Taylor Greene, oppose these calls because she falsely claimed this week that disclosure of vaccination status was “a violation of my HIPAA rights,” the federal ordinance protecting confidential health information.

The Health Insurance Portability and Accountability Act, known as HIPAA, regulates the confidentiality of a patient’s medical records, but it is legal to ask Ms. Greene about her medical history. Still, their claim reflects a misperception that has spread through social media and fringe sites as online misinformation and misrepresentation about vaccines helps fuel resistance to vaccination.

Here’s a look at what privacy regulations HIPAA offers and why it’s so often misinterpreted.

In 1996, President Bill Clinton signed the HIPAA Act, a comprehensive health and privacy law that helped update and regulate the electronic processing of health insurance sales and personal medical information storage.

One aspect of the law, the Privacy Policy, makes it illegal for certain individuals and organizations, including healthcare providers, insurers, clearing houses, that store and manage health data, and their business partners, to share a patient’s medical records without the patient’s express consent. These parties process the patient’s health records on a daily basis.

No. The law only applies to businesses and healthcare professionals, although some people falsely suggest otherwise, as Ms. Greene suggested, that the measure provides protection against disclosure of personal health information similar to the fifth amendment.

HIPAA is extremely “tight,” said I. Glenn Cohen, an expert in bioethics and health law at the Harvard School of Law. “If someone says to you, ‘HIPAA prohibits this,’ ask them to point out the part of the law or regulation that prohibits it. They often fail to do that. “

In addition, the law does not prohibit anything from asking about a person’s health, whether it be vaccination status or showing that this information is correct.

Regardless, some have turned to the law as an excuse to divert such questions.

In July, North Carolina Lieutenant Governor Mark Robinson falsely claimed on Facebook that President Biden’s door-to-door campaign to promote vaccination and whether residents were vaccinated was “illegal” under HIPAA.

However, the law does not apply to employers, retail stores or journalists, among others. No federal law prevents companies from requiring their employees to be vaccinated, although there are certain exceptions if you have a disability or have a sincere religious belief.

Updated

July 22, 2021, 1:43 p.m. ET

You also don’t need to tell if you have been vaccinated. Disclosure is at your discretion.

Long before social media and marginal news sites spread harmful misinformation, like whether masks work (they do) or whether the coronavirus vaccine changes your DNA (it doesn’t), HIPAA and its use as a privacy rationale have often lent itself to len itself Misinterpretations.

“I often joke that while HIPAA is five-letter, it is treated like a four-letter word,” Cohen said. Doctors, he said, have often used this as a reason “not to do something they don’t want to do, such as giving a patient certain information by saying, perhaps believing but wrongly,” Well, that would be a HIPAA violation “.. ‘”

However, experts say that maintaining false claims does further harm and misunderstandings about HIPAA and vaccine skepticism among politicians and public figures.

“This rumor might not be particularly harmful in itself, but it is part of one of the most harmful narratives,” said Tara Kirk Sell, assistant professor of health safety at Johns Hopkins’ Bloomberg School of Public Health. “It’s especially a problem when there is an information gap and in that case people don’t know what HIPAA is.”

Ms. Greene previously spread misinformation about HIPAA and about vaccines. Twitter suspended her account this week after claiming Covid-19 was not dangerous for young, healthy people – a claim the Centers for Disease Control and Prevention have disproved.

“The HIPAA laws are real and they do something important,” said Ms. Sell. “The misinterpretation of what this is about only adds to this firestorm of anti-vaccine sentiment.”