One of our ROC managers recently contacted me about a resident who claimed that the community was violating the Health Insurance Portability and Accountability Act of 1996 (often referred to as the "HIPAA laws").   While the community’s rules and regulations did not allow pets, several exceptions to the "no pet" rules had been granted.   The manager and the board had compiled a list of the names and addresses of each person permitted to have a pet in his or her home and the complaining resident was certain that by creating  this list the community had violated HIPAA.

The HIPAA laws create a "privacy rule" that prohibits certain "protected health information" from being disclosed.  This "privacy rule" applies to the following persons and businesses that have been defined by the U.S. Department of Health and Human Services as "covered entities":

  • Individual and group health plans that provide or pay the cost of medical care
  • Every health care provider, regardless of size, who electronically transmits health information in connection with claims, benefit eligibility inquiries, referral authorization requests, or certain other transactions
  • Health care clearinghouses such as billing services, repricing companies, and community health management information systems

ROCs would seem to fall well outside of any of the categories of these "covered entities" and as such would not be bound by the HIPAA privacy rules.

In addition, as I advised the community’s manager, the mere fact that a resident is allowed to have a pet doesn’t necessarily mean that the pet is in the home for medical or health reasons.   I thus did not see how the existence of this list violated HIPAA’s privacy rules.

However, I did remind the manager that if a member requested a list of all residents in the community that had pets and the association had in fact compiled such a list, the association would have to produce that list as required by Florida’s statutes governing condominiums, cooperatives, or homeowners associations.  

If a community does have a list of homes with pets–especially if the community is a "no pet" or a pet restricted community–I suggest that the list remain with the manager and that it not be distributed to the board or other members in the community.   This will take pressure off of the board and eliminate the danger that a board member may be accused of violating a resident’s privacy rights.  Even if that accusation proves to be unfounded, it’s an added aggravation and may result in expenses to the association that could have been avoided.