Personal Cybersecurity – Understanding HIPAA

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) governs the exchange of electronic health care information between organizations such as health care providers and health insurance companies. This law is frequently misunderstood by the general public, and well-meaning advice or privacy concerns, particularly in light of the COVID-19 pandemic, often evolve into outright misinformation about the law, when it applies, and to whom it applies.

“Normally, the misunderstanding would be an innocuous if annoying one. But the pandemic has helped bring health privacy issues to the fore. As with many other things over the last year, we’ve moved many of our health interactions online. Some of those may not be covered by HIPAA, but many people simply assume they are. And as the pandemic became increasingly politicized, many people cited HIPAA as an excuse to get out of mask mandates and to declare vaccine passports to be illegal. Neither of these assertions is true, but that hasn’t stopped many people from making them — even though using them to avoid public safety measures could be harmful to everyone.”

You can read more about HIPAA in this Recode article. Please note that this primer is intended for personal cybersecurity guidance and does not constitute professional HIPAA training or official operational guidance for employees.