The Role of State Laws Protecting Medical Records
by Joanna Lyn Grama
Legal and Privacy Issues in Information Security, 3rd Edition
- Cover
- Title Page
- Copyright Page
- Contents
- Dedication
- Preface
- Acknowledgments
- About the Author
- Chapter 1 Information Security Overview
- Why Is Information Security an Issue?
- What Is Information Security?
- Basic Information Security Concepts
- What Are Common Information Security Concerns?
- What Are the Mechanisms That Ensure Information Security?
- U.S. National Security Information
- Do Special Kinds of Data Require Special Kinds of Protection?
- Chapter Summary
- Key Concepts and Terms
- Chapter 1 Assessment
- Endnotes
- Chapter 2 Privacy Overview
- Why Is Privacy an Issue?
- What Is Privacy?
- How Is Privacy Different from Information Security?
- What Are the Sources of Privacy Law?
- What Are Threats to Personal Data Privacy in the Information Age?
- What Is Workplace Privacy?
- What Are General Principles for Privacy Protection in Information Systems?
- Chapter Summary
- Key Concepts and Terms
- Chapter 2 Assessment
- Endnotes
- Chapter 3 The American Legal System
- Chapter 4 Security and Privacy of Consumer Financial Information
- Business Challenges Facing Financial Institutions
- The Different Types of Financial Institutions
- Consumer Financial Information
- Who Regulates Financial Institutions?
- The Federal Reserve System
- Federal Deposit Insurance Corporation
- National Credit Union Administration
- Office of the Comptroller of the Currency
- Special Role of the Federal Financial Institutions Examination Council
- Special Roles of the Consumer Financial Protection Bureau and the Federal Trade Commission
- The Gramm-Leach-Bliley Act
- Federal Trade Commission Red Flags Rule
- Payment Card Industry Standards
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 4 Assessment
- Endnotes
- Chapter 5 Security and Privacy of Information Belonging to Children and in Educational Records
- Chapter 6 Security and Privacy of Health Information
- Business Challenges Facing the Healthcare Industry
- Why Is Healthcare Information So Sensitive?
- The Health Insurance Portability and Accountability Act
- The Role of State Laws Protecting Medical Records
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 6 Assessment
- Endnotes
- Chapter 7 Corporate Information Security and Privacy Regulation
- The Enron Scandal and Securities-Law Reform
- Why Is Accurate Financial Reporting Important?
- The Sarbanes-Oxley Act of 2002
- Compliance and Security Controls
- SOX Influence in Other Types of Companies
- Corporate Privacy Issues
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 7 Assessment
- Endnotes
- Chapter 8 Federal Government Information Security and Privacy Regulations
- Chapter 9 State Laws Protecting Citizen Information and Breach Notification Laws
- Chapter 10 Intellectual Property Law
- The Digital Wild West and the Importance of Intellectual Property Law
- Legal Ownership and the Importance of Protecting Intellectual Property
- Patents
- Trademarks
- Copyright
- Protecting Copyrights Online—The Digital Millennium Copyright Act (DMCA)
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 10 Assessment
- Endnotes
- Chapter 11 The Role of Contracts
- Chapter 12 Criminal Law and Tort Law Issues in Cyberspace
- Chapter 13 Information Security Governance
- What Is Information Security Governance?
- Information Security Governance Documents
- Recommended Information Security Policies
- Case Studies and Examples
- Chapter Summary
- Key Concepts and Terms
- Chapter 13 Assessment
- Endnotes
- Chapter 14 Risk Analysis, Incident Response, and Contingency Planning
- Chapter 15 Computer Forensics and Investigations
- Appendix A Answer Key
- Appendix B Standard Acronyms
- Appendix C Law and Case Citations
- Appendix D The Constitution of the United States of America
- Glossary of Key Terms
- References
- Index
The Role of State Laws Protecting Medical Records
HIPAA sets the floor for PHI security and privacy protections. This means that states are free to create laws and rules that provide more protections than HIPAA. Covered entities have to comply with both laws. Generally speaking, the controlling law is whichever law is stricter, or provides greater patient rights.
Any state law that is contrary to HIPAA is not allowed. A state law is contrary if it is impossible for the covered entity to comply with both the state law and HIPAA. In these situations, the state laws are preempted by HIPAA.
States enact many laws that may affect PHI. These laws can provide more rights than allowed by HIPAA. For instance, in 2008 California enacted some of the strictest patient privacy protections in the country. California’s laws specify harsh penalties for providers caught snooping in patient medical records. California healthcare providers must report privacy breaches more quickly than is specified in HIPAA. The California law requires healthcare providers to notify people within 15 days of a breach of a patient’s medical information.71
It is important to review both state law and federal law when reviewing questions about the security and privacy of PHI. You must review both types of laws to make sure that covered entities are appropriately protecting this information.
-
No Comment