Lots of people who have not been vaccinated for reasons other than delusions and conspiracy theories will continue to wear masks.
Lots of other people will lie, but I doubt many will fake paperwork, since that could get them in serious trouble.
There are already so many reports of people selling fake vaccine ID cards (and these are the ones which get caught) that it is unlikely that there are not many, many more used by those without plans to get the vaccines as it will get in the future more difficult to get on cruises, flights, other countries, workplaces, concerts etc. As long as people can earn money with it….
Fake COVID Vaccine Cards Are Sold Online But Using One Is Illegal : NPR
The state-level June 15 reopening seems to have so far zero coordination at the county (in some cases city) health department level. Alameda County has an event scheduled for Tuesday (June 15). LA and Berkeley have nothing. They’d better not spring surprise local restrictions on all the restaurants etc. who are gearing up for normal operation at 100% capacity Tuesday.
http://publichealth.lacounty.gov/media/coronavirus/reopening-la.htm
Mama mia, that’sa lotta information. Overwhelming, actually.
I agree with your comment about the possibility of local restrictions suddenly popping up, catching businesses that are preparing for recovery by surprise.
My personal concern is with “vaccination passports”. Call it what you will, but for now that’s basically what the CDC card is. I don’t have a problem with carrying some sort of card to officially prove my vaccination status, but the CDC card is unwieldly (large) and isn’t durable, and laminating isn’t a good idea if it needs to be updated again. I don’t normally carry a cell phone with me, so that leaves carrying a copy of the CDC card around all the time if I want to be sure that all businesses I want to enter will let me in. A small laminated version of the CDC card, or one issued by the State that could be carried in a wallet like a drivers license, would be the best compromise that would work for people like me.
Here’s a quote from an article in today’s SD Union-Tribune about a vaccine verification process that is in the works in CA:
Given that all coronavirus doses are recorded in state or county electronic vaccine registry databases, it is technically possible for California to create some method for businesses to check who truly has received their shots and who has not.
These government agencies have the data, and the DMV has your ID and photo, so the DMV could in principle mail out laminated verification cards to all who request them on their website. Not everyone would want one, only people like me who don’t carry a smartphone all the time.
Oh yeah, put the California DMV in charge. That’s a recipe for success.
HIPAA probably doesn’t allow collating CDC and DMV records.
Not sure about HIPAA prohibiting sharing such data. HIPAA allows actually quite a lot in termsof data sharing, asking certain medical questions etc and that may be a gray zone (and expect law suits from both sides)
1 Like
Well, the DMV itself wouldn’t have to be the agency to actually produce and distribute the cards. The DMV could, however, provide your photo and identity information (name, photo and date of birth) to the appropriate agency.
As to records being collated between the CDC and DMV, I wasn’t suggesting that at all. In the article that I posted it said that vaccination status data are available in “state or county electronic vaccine registry databases”. That’s where those data would come from, not the CDC.
HIPAA doesn’t care because neither the CDC nor the DMV are covered entities or business associates.
No offense, but did you actually read any of what you had linked? Because, as far as I can tell, none of it as any bearing on whether the CDC is a covered entity.
Please point out to me where the CDC is on this list of covered entities?
or if the CDC meets the definition of a business associate?
The guidelines seem to say that the CDC is subject to HIPAA requirements regarding PII.
HIPAA literally controls every minute of what I do professionally. So, while I am not a lawyer, I do have a pretty thorough understanding of it.
There is no “seem to say” in HIPAA. It is lengthy. It is highly specific. And it is widely misunderstood.
We, as healthcare providers, even needed special dispensation during the pandemic to provide telehealth services using non-compliant video communication platforms. The free version of last year’s Zoom wasn’t compliant b/c it didn’t provide end-to-end encryption (the paid version is/was compliant), and Apple’s Facetime is non-compliant only b/c the company refuses to enter into a Business Associate Agreement (it functionally is compliant). That’s how specific HIPAA is. And, when I would tell my colleagues that using Facetime had been technically illegal in the past, they seemed dumbfounded.
If you can’t find a place in the text of the regulations where the CDC (let alone the DMV) meets the specific criteria set forth as a covered entity or a business associate, it’s not a covered entity.
Moot as regards the CDC for those of us in California, which has not been providing PII to them.
It’s “moot” b/c the CDC is not a covered entity. It’s even included in a link in that article: “As HHS and CDC each is a public health authority for purposes of this DUA, the Parties expressly do not intend to create a HIPAA business associate relationship.”
The CDC isn’t even a hybrid entity:
And we don’t use the term “PII” in HIPAA (at least, not as far as I know). It only uses term the “PHI,” and, as far as HIPAA goes, all PII is considered “PHI.”
Sorry, this is not an area of the law that you can master (or, TBH, even having a working understanding of) simply by reading stuff available on the internet.
2 Likes
That won’t be by far the last law suit but it goesin the right direction
1 Like
I don’t understand why this discussion is dwelling on the CDC. That’s not where the data needed for the cards would come from. It would come from the databases in this excerpt from my second post on the subject. Please re-read my posts. I never mentioned the CDC except to say that it wouldn’t be the source.
And this is from my first post:
Given that all coronavirus doses are recorded in state or county electronic vaccine registry databases, it is technically possible for California to create some method for businesses to check who truly has received their shots and who has not.
What information has California collected, anyway? I know MyTurn got my name, date of birth, email address, county of residence, and zip code when I made my appointments, and Kaiser recorded my insurance info. The CDC card has only my name, birth date, Pfizer lot numbers, and vaccination locations and dates.
I think any state-level verification system in California would per the state’s privacy laws have to require the consent of the individual being verified. I’m not sure how that could work.
Absolutely! So there would have to be a state-run website that you could go to where you could give that consent and request a card if you so chose to do so. Without a person’s consent, there would be no exchange of data between agencies, and no card.
And OK, I did mention the CDC, but only in the context of the CDC itself possibly issuing a smaller and more durable version of their card.
Newsom reportedly said Friday the state is going to have an electronic system that will allow businesses to verify that customers are vaccinated.
At least for Californians, the CDC can’t possibly issue cards, since the state gave them only the birth year, sex, and county of vaccinated individuals.
But surely you could send in your CDC card to them, as you do with a passport, and they could send back a small laminated version with the exact same information. If CDC cards are going to be accepted as validation of vaccination, a smaller copy should certainly also be accepted by businesses and venues, and that would probably work nation-wide.