Categories
- Accountable Care Organizations
- Ambulatory Surgery Centers
- Anesthesiologists
- Antitrust in Healthcare
- Behavioral Health
- Clinical Integration
- Compliance Issues
- COVID-19 Resources
- Dental Practice Issues
- Fraud and Abuse
- Health Care Contracting
- Health Care Legislation
- Health Law Practice
- HIPAA – Health Information Privacy
- Home Health
- Hospital Issues
- Licensing
- Long Term Care
- Managed Care Contracting
- Medical Staff Organization & Structure
- Medicare and Medicaid
- Medicare and Medicaid Reimbursement
- Physician Issues
- Radiology Issues
- Reimbursement Issues
- Self Disclosure Protocols
- Stark Law and Anti-Kickback Issues
- Telemedicine
- Uncategorized
- Wisconsin Government
- Wisconsin Health Laws
- Wisconsin Hospitals
- Wisconsin Long Term Care
- Wisconsin Physician Issues
Wisconsin Health Law Posts
- The Impact of a Physician’s Ethical Obligations on Concierge Program Structure
- Birth to 3 Program Family Communication Published
- Wisconsin HIPAA Resources –
- CMS Will Hold Lessons from the Front Line
- Wisconsin Emergency Order #35 –
Meta
HIPAA Preemption of State Law
The HIPAA Privacy Rule provides a Federal floor of privacy protections for individuals’ individually identifiable health information where that information is held by a covered entity or by a business associate of the covered entity. State laws that are contrary to the Privacy Rule are preempted by the Federal requirements, unless a specific exception applies. These exceptions include if the State law:
- relates to the privacy of individually identifiable health information and provides greater privacy protections or privacy rights with respect to such information
- provides for the reporting of disease or injury, child abuse, birth, or death, or for public health surveillance, investigation, or intervention, or
- requires certain health plan reporting, such as for management or financial audits. In these circumstances, a covered entity is not required to comply with a contrary provision of the Privacy Rule.
Additional areas that permit State law to have an exception from the Federal preemption rules can be created by formal request from the State if certain requirements are met. The Department of Health and Human Services (HHS) may, following request from a State, determine that a provision of State law which is “contrary” to the Federal requirements – as defined by the HIPAA Administrative Simplification Rules – and which meets certain additional criteria, will not be preempted by the Federal requirements. The Secretary of HHS must determine that one of the following criteria apply before granting and exception from the HIPAA preemption rules. These criteria require a showing that the state law at issue:
- is necessary to prevent fraud and abuse related to the provision of or payment for health care,
- is necessary to ensure appropriate State regulation of insurance and health plans to the extent expressly authorized by statute or regulation,
- is necessary for State reporting on health care delivery or costs,
- is necessary for purposes of serving a compelling public health, safety, or welfare need, and, if a Privacy Rule provision is at issue, if the Secretary determines that the intrusion into privacy is warranted when balanced against the need to be served; or
- has as its principal purpose the regulation of the manufacture, registration, distribution, dispensing, or other control of any controlled substances (as defined in 21 U.S.C. 802), or that is deemed a controlled substance by State law.
Only State laws that are “contrary” to the Federal requirements are eligible for an exemption determination. In order to be considered “contrary” it must be impossible for a covered entity to comply with both the State and Federal requirements, or that the provision of State law is an obstacle to accomplishing the full purposes and objectives of the Administrative Simplification provisions of HIPAA.