HIPAA, or the Health Insurance Portability and Accountability Act, is a 1996 federal law that established national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge, according to the Centers for Disease Control and Prevention (CDC). In other words, HIPAA protects personal health information (PHI) while allowing the flow of health information needed to provide health care and to protect the public’s health and wellbeing.
Since the onset of COVID-19, HIPAA has been a hot topic. Many landlords aren’t sure how HIPAA impacts their rental property management business, particularly as it applies to emotional support animals and tenant screening. In this article, we’ll explain what rights individuals have under HIPAA, who has to follow this law, and why there’s so much confusion around protected health information.
Your Rights Under HIPAA
HIPAA grants you the right to keep your health information private – but what does that mean? The U.S. Department of Health and Human Services Office of Civil Rights created a video to address this question:
As the narrator explains, HIPAA gives patients:
- Access to their medical records: Sometimes, patients won’t be able to see or access their full medical records, but they always have the right to ask.
- The ability to request corrections: If a patient sees a mistake in their medical records, they can request an update be made.
- The chance to amend their records: If a patient disagrees with their doctor or health plan about certain information in their record, they can submit a written statement of disagreement that will be kept with their record.
- Information on how their health information is used and shared: Providers are allowed to share patient information without asking first, such as when multiple doctors work together to diagnose a patient or to report a flu outbreak. However, providers can’t give health information to outside entities, like the patient’s employer, without express permission.
- Accounting of disclosure access: Patients have the right to know who’s seen their medical records.
- Control over your contact with providers: For example, patients get to decide if their providers can call, leave voicemails, send emails, etc.
- The ability to decline information sharing: Patients can request that their information not be shared with specific people or organizations.
Who Has to Follow HIPAA?
Covered entities are required to comply with HIPAA – but what are covered entities? According to the CDC, only the following groups must follow HIPAA:
- “Every healthcare provider who electronically transmits health information in connection with certain transactions
- Health plans
- Healthcare clearinghouses
- Business associates that act on behalf of a covered entity, including claims processing, data analysis, utilization review, and billing”
You’ll notice that we haven’t really discussed landlords or property managers much up until this point. That was on purpose.
Residential landlords are not considered covered entities under HIPAA – so it doesn’t apply to your rental property management business.
Why Are Landlords and Property Managers Confused About HIPAA?
The short answer is that many landlords and property managers believe HIPAA applies to their business – but really, it’s the Fair Housing Act that they should focus on. Landlords can’t be sued under HIPAA, but you can face up to a $16,000 fine for your first fair housing violation.
The Fair Housing Act prohibits landlords and other housing providers from discriminating against applicants and tenants based on their:
- National Origin
- Sex (including gender identity and sexual orientation)
- Familial Status
Landlords often bring up HIPAA when they’re talking about screening tenants, especially those with emotional support animals. Many don’t understand what questions they can and can’t ask to validate an applicant’s emotional support animal housing letter.
Let’s clear the air: landlords and property managers can request verification of the applicant’s disability and related needs, but you cannot ask for:
- Their specific diagnosis
- Access to their medical records
- Access to the provider who verified the disability, except to authenticate the ESA letter and the provider’s signature
If the applicant’s provider started rattling off your prospective tenant’s diagnosis, they would be in violation of HIPAA, not you.
Looking to learn more about tenant screening and emotional support animals? Check out our free webinars below: