Addressing the gap: Understanding the mismatched requirements between HIPAA and state privacy laws

The United States has long taken a sector-specific approach to data privacy, unlike other regions, such as Canada and the European Union, which take a broader approach. In recent years, the U.S. Congress has struggled to arrive at a federal law that would apply data privacy principles and rights more generally.[1] In the absence of progress at the federal level, several states passed and implemented general data privacy laws of their own: California, Colorado, Utah, Connecticut, and Virginia. These state privacy laws create a complicated layer for organizations already complying with sector-specific privacy laws, including HIPAA. This article will discuss how these state laws interact with HIPAA, including HIPAA-related exceptions to the laws. In addition, it will provide an overview of some key differences between the various state privacy laws and HIPAA that may require organizations to reevaluate how they address their privacy obligations.
