HIPPA doesn't cover this.
The HIPPA Privacy Rule addresses the use and disclosure of an individuals' health information by entities subject to the Privacy Rule. These organizations and individuals are called "covered entities". The major goal is to ensure individuals' health information is properly protecte3d while allowing the flow of health information needed to provide and promote high quality health care and protect the public's health and well being. It's a balance permitting important uses of information while protecting the privacy of covered people seeking care and healing.
Covered Entities:
Healthcare providers
Health plans
Healthcare clearinghouses
Business associates
It's the Covered Entities which must ensure confidentiality, safeguard the information, protect against impermissible uses, and certify compliance by their workforce.
Organizations which are not considered "Covered Entities" as defined by HIPPA are not covered by HIPPA.
And even so, Covered Entities may disclose information in a variety of ways covered by HIPPA, including when required by law (kind of a get-out-of-jail-free card for the government), public health activities, judicial and administrative proceedings, law enforcement, and to prevent or lessen a serious threat to health or safety (another kind of get-out-of-jail-free card).
EXAMPLES WHERE VACCINATION RECORDS ARE ROUTINELY REQUIRED:
- In schools, for students.
- In certain jobs where there may be exposure concerns due to the nature of the work.
- Military.