Are you getting your Covid passport?

The latest Covid news concerns a mandatory passport, available to those who have been vaccinated, that would be required for traveling and general participation in society. Last week, Governor Cuomo in New York began pushing this idea, and this week the Biden administration has begun work on a national program. In short, if you haven’t been vaccinated, then you won’t be permitted to attend or participate in certain social activities.

While we could discuss the myriad of concerns with such a program, our focus is health information privacy, so let’s consider the implications such a system could have for it.

First and foremost, who will administer it? Will this be the equivalent of a Department of Motor Vehicles for tracking Covid vaccines and administering qualifying cards? Will doctors be expected to submit their qualified patients to a new department, or to HHS? What other information will this database contain? Will it contain other health information? Will it include a photo ID? Who will be responsible for managing this new massive database? How will they secure it? A new, massive database of US citizens containing our health information that will be widely distributed should be aggressively scrutinized before receiving our support.

Second, what restrictions will be put upon those who have not received the vaccine? While there are many who have refused for personal reasons, there are still others who, for medical purposes, are not candidates for the vaccine. Assuming anyone without the vaccine will be on the “bad” list, what will that mean? Will anyone on the list be prevented from flying? From attending sporting events, concerts, political rallies, or any other large gathering of people? Will those on the list not be permitted to eat in restaurants, to shop at Walmart? Will those not on the list be required to provide an explanation for their lack of a vaccine? Will we be required to show the airline gate attendant an exemption letter from a doctor?

I certainly understand the altruistic aspirations of such a program, but my cybersecurity and privacy training causes me to be skeptical of the potential risks. If such a program comes to life, our hope would be that it’s narrow in scope regarding the actual contents of the database and the restrictions it attempts to enforce.

I hope everyone sees this as a fundamental and unprecedented change to life in America. Such an endeavor has never been proposed in the United States. It’s not our place to comment on the validity of such a proposal, but we do hope the privacy of our data is considered of paramount importance.

If you would like to comment on this message, feel free to email us at info at acentec dot com.

If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.
