State privacy laws

5.1. How do US states extend HIPAA?

The US federal government basically defines a “covered entity” as a health care provider, a health plan, or a health care clearninghouse. But the state of Texas extends the definition to include any business “assembling, collecting, analyzing, using, evaluating, storing, or transmitting protected health information” in the Texas Medical Records Privacy Act.

There are many state privacy laws, the most well-known being the California Consumer Privacy Act or CCPA. However, there are many other state laws to be aware of:

5.2. Is there such a thing as expert determination for CCPA?

California’s CCPA makes references to HIPAA, as do other state laws. In particular, California’s AB 713 refers to “The deidentification methodology described in Section 164.514(b)(1) of Title 45 of the Code of Federal Regulations, commonly known as the HIPAA expert determination method.”

Ask your legal counsel how state laws are relevant to your business.



Trusted consultants to some of the world’s leading companies

Amazon, Facebook, Google, US Army Corp of Engineers, Amgen, Microsoft, Hitachi Data Systems