If HIPAA rules are stricter than state law, which standard should you follow and why? What if
the state law was stricter?
To determine which standard to follow, you need to consider the principle of "preemption." This means that when there is a conflict between federal and state laws, the federal law usually takes precedence. However, in the case of HIPAA (Health Insurance Portability and Accountability Act), there is a provision known as the "preemption clause" that allows states to have more stringent privacy regulations if they wish.
So, if HIPAA rules are stricter than state law, you should follow the HIPAA standard because it sets a national minimum for privacy and security standards in healthcare. Those who need to comply with HIPAA, such as healthcare providers and covered entities, should ensure they meet its requirements regardless of state law.
On the other hand, if the state law is stricter than HIPAA, the state law would prevail, and you would need to follow the state standard. In this case, you would need to comply with the more stringent requirements imposed by the state law.
It's important to note that when multiple laws apply, it's crucial to consult legal professionals or experts who specialize in healthcare privacy regulations to ensure full compliance. They can provide accurate and up-to-date guidance based on the specific circumstances and jurisdiction.