Does HIPAA Apply to Animals?

by

HIPAA does not apply to animals because the HIPAA Privacy Rule, HIPAA Security Rule, and HIPAA Breach Notification Rule protect individually identifiable health information about human individuals, not veterinary records or information about an animal’s health.

Protected health information under HIPAA is health information that identifies or can identify a person and relates to that person’s past, present, or future physical or mental health or condition, the provision of healthcare to the person, or payment for healthcare. Veterinary clinics, animal hospitals, breeders, shelters, and pet insurers are not regulated by HIPAA for animal medical records because those records are not about a human individual. HIPAA Covered Entities and Business Associates are regulated only when they handle protected health information about people.

HIPAA can become relevant when an animal-related record includes information that identifies a person and relates to that person’s healthcare. Examples include documentation in a healthcare setting about the use of a service animal, an animal bite treated in a clinical visit, or a zoonotic exposure recorded in a patient’s chart. In those situations, the protected information is the human patient’s protected health information, even if the record references an animal. A disclosure involving those records is evaluated under the HIPAA Privacy Rule and may implicate the HIPAA Security Rule when electronic protected health information is involved.

Accredited HIPAA Certification

Organizations should also consider mixed records and operational data. A hospital or clinic may maintain incident reports, workplace injury records, visitor logs, or security footage that involve an animal but also contain patient identifiers or clinical details. When those materials include protected health information, access, use, and disclosure must follow HIPAA requirements and internal policies for safeguarding and minimum necessary limitations when applicable.

HIPAA does not restrict a pet owner’s ability to share veterinary information about their own animal. Separate laws and contractual terms can restrict how veterinary providers use or share customer information, and state privacy or professional practice rules may apply. Those requirements are not part of HIPAA and should be evaluated under the relevant state regulatory framework and any applicable agreements.

James Keogh

James Keogh has been writing about the healthcare sector in the United States for several years and is currently the editor of HIPAAnswers. He has a particular interest in HIPAA and the intersection of healthcare privacy and information technology. He has developed specialized knowledge in HIPAA-related issues, including compliance, patient privacy, and data breaches. You can follow James on Twitter https://x.com/JamesKeoghHIPAA and contact James on LinkedIn https://www.linkedin.com/in/james-keogh-89023681 or email directly at [email protected]