Covid vaccination status tracking…

In mid-February 2023, I reported that the U.S. government has secretly been tracking those who didn’t get the COVID jab, or are only partially jabbed, through a previously unknown surveillance program designed by the U.S. National Center for Health Statistics (NCHS), a division of the Centers for Disease Control and Prevention.¹

Within days, fact checkers were burning the midnight oil trying to debunk the idea that individual people are being tracked, or that these data could be misused by government or third parties.

Strangely enough, the most egregious “misinformation” example USA Today’s fact checker could find was a social media post that “generated nearly 200 likes in less than a month.”² Two hundred likes? To most influencers, that’s nothing, especially not over the course of 30 days.

Why is USA Today stressing over a post with 200 likes? Seems a bit panicky if you ask me. Reuters also came out with a fact check and, like USA Today, Reuters claimed there was a lack of “context:”³

“New diagnostic codes that describe a patient as under-immunized against COVID-19 were introduced to help doctors identify patients potentially at risk for more-severe COVID and to help health officials track vaccine effectiveness and mortality statistics, among other public health questions, not for U.S. government tracking of unvaccinated individuals, as some are claiming online.

The codes in an individual’s medical record, like all personal health information, are protected by U.S. privacy law and could only be analyzed at the group or population level uncoupled from individual identities …”

Your Medical Records Are Far From Private

As is so often the case, the fact checkers are the ones taking the issue out of context or, rather, not presenting the full picture. The fact is, your medical data are not nearly as private as you think. The Health Insurance Portability and Accountability Act (HIPAA) is rife with exemptions when it comes to your privacy.

Federal agencies such as Health and Human Services (HHS) and the Centers for Disease Control and Prevention have every right to access identifiable information, as they are exempt from the privacy clauses, and they’re particularly justified to access your private vaccination data if there’s an outbreak of infectious disease, be it real or fictitious. As noted in the HHS’s and CDC’s HIPAA guidance:⁴

“Balancing the protection of individual health information with the need to protect public health, the Privacy Rule expressly permits disclosures without individual authorization to public health authorities authorized by law to collect or receive the information for the purpose of preventing or controlling disease, injury, or disability, including but not limited to public health surveillance, investigation, and intervention …

[T]he Privacy Rule expressly permits PHI [protected health information] to be shared for specified public health purposes. For example, covered entities may disclose PHI, without individual authorization, to a public health authority legally authorized to collect or receive the information for the purpose of preventing or controlling disease, injury, or disability …

Further, the Privacy Rule permits covered entities to make disclosures that are required by other laws, including laws that require disclosures for public health purposes.”

Loopholes Also Allow Re-Identification of Personal Data

Government agencies and a number of third parties or “covered entities” can also use a number of loopholes to re-identify previously de-identified patient data. As explained in a CDC Public Health Law document detailing the lawful sharing of private medical data:⁵

“While HIPAA limits the use and disclosure of health information, it also permits certain secondary use exceptions for public health purposes. HIPAA provides certain circumstances under which patient data can be disclosed to health departments without patient authorization.

Under HIPAA, providers may disclose identifiable patient data (protected health information or PHI) if required by law, allowing states to pass legal exceptions to HIPAA restrictions.

Providers may also disclose PHI to health departments without patient authorization for public health activities, such as communicable disease reporting, or to a public health authority to prevent or control disease, injury, or disability under the public health exemption. A covered entity may access, use, and disclose PHI for clinical research without an individual’s authorization if:

Providers may disclose EHI without patient authorization when the data have been ‘de-identified’ … but still permits re-identification by providers or regional health information organizations through randomized patient source codes should a public health alert or case report become necessary.

Finally, providers may disclose a ‘limited data set,’ including dates and zip codes, without authorization and still re-identify patients if they maintain patient codes derived from certain identifiers.”

So, can your vaccination status be accessed by federal health agencies? Yes. Can that information be identifiable? Absolutely yes. Does that mean that you, as an individual, could be surveilled and/or get caught in a forced vaccination dragnet or end up experiencing negative repercussions in other areas of your life due to your vaccination status? Probably.

U.S. “privacy” laws certainly make allowances for such scenarios, and considering the behavior of government over the past three years, it would be naïve to believe they would never use your vaccination data against you.

Reuters Muddies the Water

Reuters also muddies the water in other ways. For example, the fact check stresses that medical providers have used the general code Z28.3 (which represents “underimmunized”) since 2015, and that “these codes are not used with purposes beyond…

Read full story…