The HIPAA VAX Question, Cybersecurity, and Amazon Sidewalk

We’ve been getting quite a few questions from clients and internet requests on whether or not it’s a HIPAA violation to be asked about your vaccination status. At the same time, I’ve read some very interesting takes on the question from some HIPAA “experts” who give lengthy explanations of why it is not a HIPAA violation for someone, anyone really, to ask you your vaccination status. Let’s give a straightforward answer we can all understand.

NO. It is not a HIPAA violation for someone to ask you anything. UNLESS that person is a prospective employer, your manager, or another role where your privacy rights would be violated or other employment laws may be triggered. For me, that’s the rub with this question. While I can ask you if you’ve been vaccinated, you can choose to decline to answer. If I then say, well, I won’t hire you unless you can prove it, or I won’t let you into this venue, or I won’t let you on this plane, then the question becomes are your civil rights being violated? At present, the belief seems to be a public health emergency takes priority over our civil rights. We may differ in our opinions on this, but I think we can all agree this has been a unique circumstance, handled in unprecedented fashion, and it presents a host of civil rights and legal issues that will take time, perhaps years, to sort out in legislative bodies and the courts. As it stands, you can be refused service/access/permission to activities you desire based upon a.) your willingness to answer that question; and b.) your ability to prove it.

Cybersecurity
It’s comical to me that whoever the minority political party is at a given time accuses the party in power of not doing enough to stop cyber-crime. It’s trendy, it’s topical, and cybercrime is a hot-button issue. Here’s the reality – our government has done a lot, more than many realize, but they haven’t done enough and they can’t do it alone.

You need to invest more in your cybersecurity – both in your training and in your hardware defenses. Well over 80% of businesses have done nothing different than they were doing 5 years ago, and that’s a major part of the problem. When an air conditioning vendor with neglected cybersecurity can get hacked and that hack results in their clients, hospitals, and banks, being breached, we’ve got issues that reach down to the lowest common denominators in our supply chain, so it’s not an easy fix.

As for the government doing more, that would require some politically unpopular moves, I’m sad to say. We know who the culprits are. Russia protects its cybercriminals from prosecution and extradition. China IS a cybercriminal. These cyberattacks should be treated as acts of war, and our response should be commensurate. Good luck with that, but until we get serious about it, things aren’t going to change. That’s the reason so many business owners feel abandoned, but we aren’t. The FBI and other law enforcement agencies are ready to help you in a crisis. You need to reach out to them if you need them.

Amazon Sidewalk
On a brighter note, let’s talk about Amazon Sidewalk. You may recall this nifty little feature from an earlier Reminder, well it’s now live on Amazon home devices like Alexa. It allows your home wifi to be shared by your neighbors or passersby. Not to worry, says Amazon, it’s all completely secure. Well, it turns out it’s enabled by default. If you have the Amazon Alexa app, and you’re not inclined to be so generous with your neighbors and strangers, then you need to go into your Alexa app, go into Settings, go into Account Settings, and then go into Amazon Sidewalk and disable it.

Thank you for reading.

As they say in (American) football, keep your head on a swivel because someone is trying to decapitate you. Be alert. Be safe.

JM

If you have any questions or if you are concerned about your organization’s cybersecurity, give us a call at (800) 970-0402. We’ll be happy to help.


For more HIPAA information, download our ebook – The Ultimate HIPAA Compliance Handbook.

The HIPAA Security Rule requires the implementation of a security awareness and training program for all members of its workforce (including management). Have your team sign up for a weekly HIPAA Security Reminder to help stay compliant.