Knoxville attorney says suing over mask mandates, citing HIPAA is a “waste of time and money”

KNOXVILLE, Tenn. (WVLT) - As businesses continue to fully reopen and relax COVID-19 regulations, some have decided to keep mask wearing around. There are no longer mask mandates in most Tennessee counties, but businesses still have the right to require customers to wear a mask. Some businesses only ask that customers who have not received the COVID-19 vaccine continue to wear face coverings, sparking questions of HIPAA violations.

The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule “establishes national standards to protect individuals’ medical records and other personal health information and applies to health plans, health care clearinghouses, and those health care providers that conduct certain health care transactions electronically,” according to hhs.gov.

The privacy rule gives patients the rights over their health information and is designed to keep private healthcare information secure, but one Knoxville attorney said it has nothing to do with mask mandates.

Jed Mckeehan said if you feel like suing a company over requiring a mask, you are “wasting your time and money” because private businesses and companies have the right to set their own guidelines and rules and you must comply if you’re in their space.

According to the U.S. Department of Health and Human Services HIPAA rules only apply to what are considered covered entities and business associates.

“Individuals, organizations, and agencies that meet the definition of a covered entity under HIPAA must comply with the Rules’ requirements to protect the privacy and security of health information and must provide individuals with certain rights with respect to their health information. If a covered entity engages a business associate to help it carry out its health care activities and functions, the covered entity must have a written business associate contract or other arrangements with the business associate that establishes specifically what the business associate has been engaged to do and requires the business associate to comply with the Rules’ requirements to protect the privacy and security of protected health information. In addition to these contractual obligations, business associates are directly liable for compliance with certain provisions of the HIPAA Rules,” an excerpt from the department website reads.

The following are considered a covered entity:

Doctors
Clinics
Psychologists
Dentists
Chiropractors
Nursing Homes
Pharmacies
Health insurance companies
HMOs
Company health plans
Government programs that pay for health care, such as Medicare, Medicaid, and the military and veterans health care programs
Entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

WVLT’s Sam Luther spoke to people Thursday at the Tyson McGhee Airport, a place where masks are required, about their thoughts on taking legal action against a company that’s requiring a mask.

One traveler said they wish it wasn’t required but felt suing wasn’t necessary. While another traveler said wearing a mask shouldn’t be a problem, and she does not understand why someone would consider legal action.

Mckeehan said when it comes to vaccines it’s the same thing. He said you don’t have a case if you feel like you shouldn’t have to disclose to an employer if you’ve been vaccinated or not.

The Knoxville attorney added that he’s gotten a few questions regarding this topic but hasn’t had someone formally file a lawsuit through his office yet.

Copyright 2021 WVLT. All rights reserved.