State privacy and breach laws and HIPAA - Ep 98
Recently, New Mexico passed a new data breach notification law in March. Once it is signed there will only be 2 states that don't have their own notification rules, Alabama and South Dakota. What do all the state laws mean when you are also required to do HIPAA notifications.
Most of them say that if you are subject to GLBA or HIPAA the notification laws do not apply to you. But, it is always best to be sure you know what your state requires.
HIPAA says that as long as it is more strict than state laws then HIPAA takes precedence but many times states are now enacting stronger legislation in some areas.
California and Texas developed some pretty extensive requirements that apply to CEs and BAs in their states. Massachusetts also added their own twist beyond HIPAA.
More info at HelpMeWithHIPAA.com/98