Jump to content

State laws more stringent than HIPAA


Recommended Posts

The HIPAA Notice of Privacy Practices must be tailored to include state laws that are more restrictive than HIPAA (see https://www.hhs.gov/hipaa/for-professionals/faq/464/must-a-covered-entity-with-a-notice-revise-the-notice-every-time-it-changes/index.html). Is there a resource that puts out a good survey of those state laws? Practical Law does not appear to have have anything like that. 

Link to comment
Share on other sites

Evaluate whether SixFifty’s software and services might help you.

https://www.sixfifty.com/products/privacy/all-us-privacy/

Also, are you sure Thomson Reuters Practical Law’s Data Privacy & Cybersecurity suite lacks the information you seek?

https://content.next.westlaw.com/practical-law/data-privacy-cybersecurity/health-medical?transitionType=Default&contextData=(sc.Default)&navId=CCC952ED890C38386C41083B4FE14C15

Peter Gulia PC

Fiduciary Guidance Counsel

Philadelphia, Pennsylvania

215-732-1552

Peter@FiduciaryGuidanceCounsel.com

Link to comment
Share on other sites

Will HHS make determinations as to whether a provision of state law is “more stringent” than or “contrary” to a provision of the HIPAA Privacy Rule?

Answer:

The Department of Health and Human Services (HHS) will not make determinations as to whether a provision of State law is "more stringent" than a provision of the Privacy Rule. HIPAA's Administrative Simplification Rules provide a general exception to preemption for more stringent, contrary State laws. Because such an exception already exists, it is neither necessary nor appropriate to request a preemption exception determination from HHS. Further, HHS will not determine whether a provision is "contrary" to the Privacy Rule, except in the context of, and as necessary to, making an exception determination for State laws that meet one or more of the criteria listed at 45 CFR 160.203(a).

See 45 C.F.R. 160.202 for the definitions of "more stringent" and "contrary."  View an unofficial version of the Privacy Rule and the preemption requirements.

https://www.hhs.gov/hipaa/for-professionals/faq/408/will-hhs-make-determinations-whether-a-provision-of-state-law-is-more-stringent/index.html

I would think this is evidence that HHS does not maintain such a list, and that such determinations are made on a case by case basis, if at all. 

>>>>>>>>>>>>>>>>>>>>>>>>>>

The attached survey of state laws may be helpful.   

>>>>>>>>>>>>>>>>>>>>>>>>>>

See also https://abyde.com/state-laws-vs-hipaa-what-you-need-to-know/

>>>>>>>>>>>>>>>>>>>>>>>>>>

See also https://www.findlaw.com/state/health-care-laws/medical-records.html

>>>>>>>>>>>>>>>>>>>>>>>>>>

David Goldberg

 

50-State-Survey-of-Health-Care-Information-Privacy-Laws.pdf

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share

×
×
  • Create New...