When it comes to the use and sharing of information, one cannot be too careful. Information that might not be dangerous or threatening at a particular time might turn out to be the catalyst in a future disaster. This is why everyone has the right to privacy and this includes health information. There are several information security rules some are specific to the use of information online, some employment information, some personal information and some health information. The Health Insurance Portability and Accountability Act (HIPAA) is one of such that is focused on health and it deals with the use of health information both electronically, verbally, and written information.
What the Health Insurance Portability and Accountability Act (HIPAA) do is to provide federal protections for every health information flagged as Protected Health Information (PHI). However, the Health Insurance Portability and Accountability Act (HIPAA) do not stand alone in protecting such important health information. There are specific state laws that either supports the Health Insurance Portability and Accountability Act (HIPAA) or stands on its own.
There are cases where the HIPAA permits a health care provider either a Covered Entity (CE) or a Business Associate (BA) to use or disclose a patient’s health information without the patient’s permission or without a formal permission but the state laws do not. The state laws would require that you get a written permission before using such information or before even disclosing such information. In some cases the state laws would not allow a CE or BA to share the information at all. In these cases, the Health Insurance Portability and Accountability Act (HIPAA) will not override the state law, knowing that the state law do not conflict with it and only provides more protection for the information. If a state law offers less protection than the HIPAA, a CE or BA can comply with both laws. While this is not a legal advice, it is better to follow the one that offers the most protection.