HIPAA pertains to Protected Health Information which is any health/medical information where an individual is identified. This is especially true if the health/medical information is used to communicate information about a past, present or future medical condition.

There are times when employers do recieve Protected Health Information records from health insurance companies, providers, etc or even employee themselves. In order for the employer to be HIPAA compliant, any and all Protected Health Information records must safeguarded from any unauthorized disclosure. For you see, supervisors/managers who are authorized to access personnel files are not authorized to access health/medical files. Disclosure of Protected Health Information must be limited in scope and only for legitimate business reasons.

Any record identifying which employees have and/or which emoloyees have not gotten the vax is definitely considered Protected Health Information under HIPAA. Your HR dept absolutely has a duty to safeguard vax status information.

In short, under HIPAA, your HR dept may inquire into your vax status but in doing so, your HR dept is mandated to safeguard the information/records from unauthorized disclosure. You should be able to request access to your own personnel file. Should your vax status information be found in your personnel file, you would be able to file a non compliance complaint with the Office of Civil Rights.

However, when it comes to employees who have not gotten the vax, employers cannot violate their rights under Title VII or the American with Disabilities Act (ADA).