ERISA guy Posted January 18 Report Share Posted January 18 The HIPAA Notice of Privacy Practices must be tailored to include state laws that are more restrictive than HIPAA (see https://www.hhs.gov/hipaa/for-professionals/faq/464/must-a-covered-entity-with-a-notice-revise-the-notice-every-time-it-changes/index.html). Is there a resource that puts out a good survey of those state laws? Practical Law does not appear to have have anything like that. Link to comment Share on other sites More sharing options...
Peter Gulia Posted January 19 Report Share Posted January 19 Evaluate whether SixFifty’s software and services might help you. https://www.sixfifty.com/products/privacy/all-us-privacy/ Also, are you sure Thomson Reuters Practical Law’s Data Privacy & Cybersecurity suite lacks the information you seek? https://content.next.westlaw.com/practical-law/data-privacy-cybersecurity/health-medical?transitionType=Default&contextData=(sc.Default)&navId=CCC952ED890C38386C41083B4FE14C15 Peter Gulia PC Fiduciary Guidance Counsel Philadelphia, Pennsylvania 215-732-1552 Peter@FiduciaryGuidanceCounsel.com Link to comment Share on other sites More sharing options...
fmsinc Posted January 19 Report Share Posted January 19 With respect to what issue? Link to comment Share on other sites More sharing options...
fmsinc Posted January 20 Report Share Posted January 20 Will HHS make determinations as to whether a provision of state law is “more stringent” than or “contrary” to a provision of the HIPAA Privacy Rule? Answer: The Department of Health and Human Services (HHS) will not make determinations as to whether a provision of State law is "more stringent" than a provision of the Privacy Rule. HIPAA's Administrative Simplification Rules provide a general exception to preemption for more stringent, contrary State laws. Because such an exception already exists, it is neither necessary nor appropriate to request a preemption exception determination from HHS. Further, HHS will not determine whether a provision is "contrary" to the Privacy Rule, except in the context of, and as necessary to, making an exception determination for State laws that meet one or more of the criteria listed at 45 CFR 160.203(a). See 45 C.F.R. 160.202 for the definitions of "more stringent" and "contrary." View an unofficial version of the Privacy Rule and the preemption requirements. https://www.hhs.gov/hipaa/for-professionals/faq/408/will-hhs-make-determinations-whether-a-provision-of-state-law-is-more-stringent/index.html I would think this is evidence that HHS does not maintain such a list, and that such determinations are made on a case by case basis, if at all. >>>>>>>>>>>>>>>>>>>>>>>>>> The attached survey of state laws may be helpful. >>>>>>>>>>>>>>>>>>>>>>>>>> See also https://abyde.com/state-laws-vs-hipaa-what-you-need-to-know/ >>>>>>>>>>>>>>>>>>>>>>>>>> See also https://www.findlaw.com/state/health-care-laws/medical-records.html >>>>>>>>>>>>>>>>>>>>>>>>>> David Goldberg 50-State-Survey-of-Health-Care-Information-Privacy-Laws.pdf Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now