
Confused about HIPAA? Read what you sign before laying down your signature

Signing the COVID-19 vaccine consent form does not give the vaccination clinic, a coalition of local health care providers, the right to sell your personal information.

The Dominion Post was recently approached by an individual who received his first COVID-19 vaccine at Morgantown Mall. He had concerns that the consent form, which he signed, may have allowed his personal information to be sold or violated the Health Insurance Portability and Accountability Act.

That is not the case.

The consent form allows the organizations running the clinic – WVU Medicine, Mon Health and the Monongalia County Health Department – to access patient data and follow up with patients about the vaccine, a WVU Medicine spokesperson said.

WVU Medicine does not sell information to or share it with third-party vendors, the spokesperson said.

Consent can be revoked by calling 855-WVU-CARE and asking to be put on the do-not-call list.

While this particular form was not malicious, you should always read what you sign before you sign it, attorney Tyler Slavey, a partner at Slavey & Shumaker, said. It is the responsibility of the person signing to read the agreement.

“If you don’t read it, you’re out of luck,” he said. “If you do sign, you’re bound by the terms; it’s a contract.”

Of course, there are rare exceptions to that rule, Slavey said.

He said he personally reads everything he signs and is always on the lookout for instances where there are “outrageously broad conditions.”

For example, if you have Comcast service you have given up your right to a jury trial and have agreed to arbitrate any legal disputes.

“It’s way beyond the scope of anything you’d ever consider getting services in Morgantown, West Virginia,” Slavey said.

The consent form also did not violate HIPAA, which is a commonly misunderstood law, Slavey said.

You cannot generally sue over a HIPAA violation, Slavey said. Especially egregious violations, such as the deliberate selling of personal information, are difficult-to-win exceptions.

“Screwups aren’t enough,” he said.

That doesn’t mean hospitals or health care providers can’t get in trouble for breaking HIPAA law, but it’s a regulatory violation.

Additionally, HIPAA only applies to health care providers, not anyone else who may have your medical information. Other people who have access to your medical information, absent an agreement not to share it, can do so without breaking the law.

HIPAA breaches can be reported at hhs.gov/hipaa.
