June 8, 2020 When it comes to regulations surrounding the privacy and security of health information, federal HIPAA laws are typically the golden rules to follow. But did you know that many states have their own laws surrounding patient rights, data privacy, and medical records which sometimes overrule the federal guidelines? These state laws either predate the enactment of HIPAA or were passed to create stricter safeguards and typically focused on technology use. We understand HIPAA laws are confusing, and ensuring that you’re following the rules only becomes a little harder when it’s not crystal clear which rules are the ‘right’ ones. It’s important to note that when HIPAA laws and state laws go head to head, HIPAA typically comes out on top. But like most things, there are some exceptions to the rule where the state law takes precedence. These specific instances include: In HHS’ own words, “HIPAA provides a Federal floor of privacy protections for individuals’ individually identifiable health information,” basically meaning that any laws that are viewed to be ‘weaker’ than HIPAA regulations will be overruled. State laws will also be overruled if they contradict a HIPAA law. It’s not always easy to determine which laws are stricter and there are many areas of overlap between HIPAA regulations and state-specific laws. To try and give some clarity, here are some topics that commonly conflict each other: Source: healthinfolaw.org As data privacy has become an increasing topic of concern, individual state’s as well as the federal government have been enacting stricter policies on matters that concern the security and privacy of electronic health information. More recently, events such as the COVID-19 public health emergency have been a catalyst for updating regulations to best meet the changing needs of the public. And as HIPAA laws, as well as state laws, have been under constant update, it’s harder for practices to keep up. We know that HIPAA alone is confusing, especially when you add in state-specific rules and regulations, which is why Abyde dynamically generates policies and procedures specific to your practice and the state you’re located in if applicable. With Abyde you don’t have to worry about reading through pages of laws, determining whether there are any contradictions, and figuring out which law preempts the other – we’re here as your HIPAA experts to help do so for you! While we know HIPAA like the back and maybe even front of our hand, there may be laws outside of HIPAA that impact your practice and overall operations – this blog article shouldn’t be considered legal advice, and we always recommend consulting with a legal team regarding your practice’s legal needs!