Do COVID-19 vaccine passports infringe the HIPAA laws? Today the much-discussed issue has been fueling news portals. And finally, experts reveal a reply.

So far, there have been 175 million doses in the US. Statistics showed that more Americans have at least one dose than have been tested positive for COVID-19 since the pandemic started. On average, 3.4 million doses per day were administered during the first week of April.

Centers for Disease Control and Prevention (CDC) issued thousands of vaccination cards per day to track the vaccination records as well as support travel industries. But what are Covid-19 vaccine passports really?

HIPAA Compliance Management Application

Reduce Administrative Burden

See all the information in a centralized space

Keep your team updated with regular information

Contact Us

What is a vaccine passport?

Vaccine passports are mostly shaped like a free mobile app where foreign travelers can upload vaccine proof, test results for coronavirus, and other health waivers. The aim is to digitize paper vaccination certificates from each country into internationally recognized passes.

However, there have been significant issues about HIPAA legislation that individuals have to upload the test results or other health waivers.

On that note, let’s see what the experts think.

Expert’s opinion

Vaccine passports do not contravene HIPAA according to medical laws and HIPAA experts. The HIPAA aims is to protect confidential health information. The law shall apply if an insurer or medical provider receives protected health information (PHI) from a person. Finally, while vaccine cards are regarded as PHIs, an airline is not a health provider, which means it is not a covered organization.

Covered entities are healthcare providers, healthcare plans, and healthcare clearinghouses that transmit electronically any health data for which HHS has adopted transaction standards.

In addition, no confidential medical information, including information about a person’s pregnancy or state of mental health, or whether they have chronic conditions such as HIV/AIDS, can be revealed by vaccine cards.

However, if an airline tries to contact a medical provider or doctor to inquire if the person has been vaccinated, this may be a HIPAA issue. That being said, the information can be shared if the person informs the doctor that the data can be shared with a certain company.

Final thoughts

Even if expert opinions have been expressed, the subject continues to be a bit gray. Your internal enforcement efforts should still be centered.

You can use HIPAA Ready, our cloud-based compliance management app. The comprehensive web and mobile application include modules designed to simplify all requirements of compliance, including training and certification.

COVID-19 Vaccine Scheduling Software, COVAX, which is already being used by several governmental authorities in other countries also comes from CloudApper.

Please visit our website at to learn more about our solutions. Or leave one message here and you will gladly be helped by one of our customer service representatives.