Avoiding Liability Bulletin – May 2005
… What is the difference between the way that HIPAA treats the subject of parental access to a minor’s records and the way your state law treats the issue? Likely none, since HIPAA essentially defers to state law regarding the subject. Not so with other issues, where state law and HIPAA may conflict. If one is a “covered provider,” for example, state law may have to give way to HIPAA requirements, like in those states where HIPAA provides the adult patient with greater rights to access his or her records than does the state law.
… If a health care provider transmits health information in electronic form with respect to one transaction with an insurance company for which the Secretary of the U.S. Department of Health and Human Services has adopted standards, is the health care provider covered by the requirements of the HIPAA “Privacy Rule” with respect to his or her entire practice, even though all other patients pay in cash or by check? The answer, in short, is “yes!”