Mask Mandate: Does It Violate HIPAA?

Mask Mandate: Does It Violate HIPAA?

August 04, 2020

As a business owner or simply a concerned citizen, you will encounter people who object to wearing the mask and may not have one on.  Your first inclination may be to scowl at them for not following the rules, or if you are in a position to do so, demand that they wear one while in your establishment.  Does the non-wearer have to tell you why they do not have a mask on?  Does HIPAA protect them from having to answer you – or does it prevent you from being allowed to ask the question in the first place?

According to this article, Louisiana attorney Stephen Sullivan said that HIPAA covers protected health information that is in the possession of a healthcare provider.  This includes licensed practitioners.  The PHI that is in their possession as a result of the paid health care that they provide, is the information that is required by HIPAA to be protected. Therefore, a general business owner would not fall under HIPAA jurisdiction. Sullivan states “Accordingly, HIPAA nor any other law prevents a premises owner from asking reasonable questions about a customer’s health condition in order to keep his staff and others safe.”

Face Mask and Hand Sanitizer

Civil Rights – Right?

The Civil Rights Act of 1964 was what ended segregation in public places and also banned employment discrimination on the basis of race, color, religion, sex, or national origin.  And some people are claiming it is their civil right to not wear a mask.  This is not accurate either according to Sullivan who states “There is no civil right to do as you chose, if by doing so you present a risk of harm which infringes on the rights of others”…he continues to say “The Civil Rights Act prevents discrimination based on race, religion, sex and national origin. There is no protection for legitimate discrimination by business owners against customers who for health or any other reason will not mask.”


We are a proud partner of HIPAA Secure Now!, a company of HIPAA experts dedicated to helping medical entities stay compliant and keeping their data safe. 

Thank you HIPAA Secure Now! (www.HIPAAsecurenow.com) for the contents of this article.


Want more cybersecurity tips to help keep your business safe & secure? Sign up for our email newsletter and have new articles & tips delivered straight to your inbox monthly.

Tracy Hardin

Tracy Hardin

Tracy Hardin is President and founder of Next Century Technologies in Lexington, KY. She has a bachelor's degree in computer science from the University of Kentucky and has earned certifications from Novell, Cisco and CompTIA. Her specialties in the field of IT are network design and security, project management and improving productivity through technology. She loves helping people by sharing her knowledge of tech.