25% off all training courses Offer ends May 29, 2026
View HIPAA Courses
Learner Login Learner Support
Learner Login Learner Support
25% off all training courses
View HIPAA Courses
Offer ends May 29, 2026

The HIPAA Journal is the leading provider of HIPAA training, news, regulatory updates, and independent compliance advice.

Does HIPAA Apply to Veterinarians?

Posted By on Nov 24, 2024

HIPAA does not apply to veterinarians because veterinarians do not conduct electronic healthcare transactions for which the Department of Health and Human Services has adopted standards and therefore do not qualify as HIPAA covered entities. However, regulations similar to HIPAA apply to veterinarians in several states or in certain circumstances.

In the context of the question does HIPAA apply to veterinarians, the “Applicability” section of the HIPAA General Provisions provides the answer. The Applicability section (§160.102) states HIPAA applies to health plans, health care clearinghouses, and healthcare providers who transmit health information in electronic form in connection with a covered transaction (collectively “covered entities”). HIPAA also applies “where provided” to business associates of covered entities.

Even though it could be argued that veterinarians qualify as healthcare providers (for animals), they do not fulfill the remaining criteria to qualify as HIPAA covered entities. This is because they do not electronically transmit health information relating to a person’s health condition (“person” defined in §160.103 as “a human being who is born alive”), treatment for the condition, or payment for the treatment in connection with a covered transaction adopted by Part 162 of the HIPAA regulations.

The Significance of the Part 162 Condition

The ”Part 162” condition for qualifying as a HIPAA covered entity means that veterinarians who (for example) are required by state laws to report zoonotic diseases in humans to public health agencies do not qualify as a HIPAA covered entity. It also exempts veterinarians from HIPAA data privacy regulations when reporting animal cruelty or neglect under state laws or when providing healthcare to a person as a “Good Samaritan”.

Get The FREE
HIPAA Compliance Checklist

Immediate Delivery of Checklist Link To Your Email Address

Please Enter Correct Email Address

Your Privacy Respected

HIPAA Journal Privacy Policy

Similarly, the “Part 162” condition excludes veterinarians from qualifying as business associates as business associates are defined as third parties who “create, receive, maintain, or transmit Protected Health Information [for on behalf of a covered entity] for a function or activity regulated by this subchapter” – “this subchapter” being the HIPAA Administrative Simplification Regulations, which include the Privacy and Security Rules, and the Part 162 Standards for Electronic Transactions.

What Regulations Similar to HIPAA Apply to Veterinarians?

Although veterinarians are not required to comply with HIPAA, there are many occasions when regulations similar to HIPAA apply to veterinarians. Most states have data privacy and breach notification laws, and several have HIPAA-esque regulations that apply to veterinary practices. An example of such a law is the California Business and Professions Code which, under §4857 of Chapter 11, Article 3 prohibits veterinarians from:

Disclosing any information concerning an animal patient receiving veterinary services, the client responsible for the animal patient, or the veterinary care provided to an animal patient, except under any of the following circumstances:

(1) Upon written or witnessed oral authorization by knowing and informed consent of the client.

(2) Upon authorization received by electronic transmission when originated by the client.

(3) In response to a valid court order or subpoena.

(4) As may be required to ensure compliance with any federal, state, county, or city law or regulation.

(5) If the care or service was for a horse that has participated in the previous year, or is intended to participate, in a licensed horse race.

There are exceptions to this privacy regulation. For example, disclosures are permitted to “other veterinarians and facilities for the purpose of diagnosis or treatment of the animal patient that is the subject of the medical records” and to “peace officers, humane society officers, or animal control officers who are acting to protect the welfare of animals”.

The failure to comply with §4857 carries a maximum penalty of $3,000 and/or up to one year in jail. However, if an impermissible disclosure places an animal or its owner in jeopardy, the fine increases to $5,000 and could result in the revocation of the veterinarian’s license.  A veterinarian can also face civil liability for damages caused by a negligent disclosure.

What Other Regulations Similar to HIPAA Apply to Veterinarians?

Other regulations similar to HIPAA that apply to veterinarians can be situation specific. For example, if a pet owner from Texas sustained an injury while their pet was being examined by a veterinarian (i.e., a scratch or bite), and the veterinarian administered medical treatment to the pet owner, any recorded details of the pet owner and the medical treatment administered would be subject to the requirements of the Texas Medical Records Act and the Texas Breach Notification Rule regardless of the location in which treatment was administered.

Similarly, if a veterinarian collects, stores, or processes data of EU citizens – for any purpose – the data are subject to the requirements of the General Data Protection Regulation (GDPR). For example, if an EU pet owner books an appointment with a rabies vaccination clinic, the information provided by the pet owner (name, cell phone number, email address, etc.) must be protected by the vaccination clinic until the purpose for collecting the data has been fulfilled – at which point the data must be deleted.

The VSG/AVMA Principles of Veterinary Data Ownership & Stewardship

Prior to 2019, the American Veterinary Medical Association (AVMA) maintained a web page listing what regulations similar to HIPAA apply to veterinarians. That page has since been removed. However, to help veterinarians comply with the wide range of data privacy regulations, the AVMA teamed up with Veterinary Study Groups, Inc. to produce eleven Principles of Veterinary Data Ownership and Stewardship (PDF). The eleven Principles are:

  1. Veterinary practices own their practice data.
  2. Control is a necessary condition of data ownership.
  3. Practice data should be portable and accessible.
  4. Prior consent is the foundation of proper data use.
  5. Data licensees should be transparent in their use of practice data.
  6. Veterinary practices should be able to limit and withdraw consent.
  7. Data should only be used for known lawful purposes.
  8. Data licensees should collect only the minimum required data.
  9. Data licensees should retain practice data only for the requisite time period.
  10. Data licensees should be responsible for their own and their licensees’ use of veterinary practice data.
  11. Data licensees should maintain the confidentiality and privacy of veterinary practice data.

Compliance with the Principles is voluntary – unless one or more Principles is mandated by a state law or licensing requirement. However, voluntary compliance with the Principles does not exclude a veterinarian from complying with state data privacy and breach notification regulations if a state has enacted regulations with more stringent compliance requirements than the VSG/AVMA Principles.

HIPAA Does Not Apply to Veterinarians, but It Can Apply to Animals

Although HIPAA does not apply to veterinarians, there are scenarios in which HIPAA applies to animals. These scenarios occur when information about a service or emotional support animal is maintained in the same designated record set as Protected Health Information by a HIPAA covered entity or business associate, and the information about a service or emotional support animal could be used to identify the human subject of the Protected Health Information.

While this information is not relevant to answering does HIPAA apply to veterinarians, it is important to distinguish between veterinarians and animals. HIPAA does not protect the privacy and security of veterinary medical records; but it does protect the privacy and security of any identifying information – including identifying information relating to animals and their care – that is maintained in the same designated record set as Protected Health Information.

Author: Steve Alder is the editor-in-chief of The HIPAA Journal. Steve is responsible for editorial policy regarding the topics covered in The HIPAA Journal. He is a specialist on healthcare industry legal and regulatory affairs, and has 10 years of experience writing about HIPAA and other related legal topics. Steve has developed a deep understanding of regulatory issues surrounding the use of information technology in the healthcare industry and has written hundreds of articles on HIPAA-related topics. Steve shapes the editorial policy of The HIPAA Journal, ensuring its comprehensive coverage of critical topics. Steve Alder is considered an authority in the healthcare industry on HIPAA. The HIPAA Journal has evolved into the leading independent authority on HIPAA under Steve’s editorial leadership. Steve manages a team of writers and is responsible for the factual and legal accuracy of all content published on The HIPAA Journal. Steve holds a Bachelor’s of Science degree from the University of Liverpool. You can connect with Steve via LinkedIn or email via stevealder(at)hipaajournal.com

x

Is Your Organization HIPAA Compliant?

Find Out With Our Free HIPAA Compliance Checklist

Get Free Checklist