Health Information Compliance Alert

A new bill passed out of the California state Senate places power in the hands of a state agency to preempt state laws it believes aren't as tough as HIPAA.

The California State Senate's Senate Insurance Committee passed a bill Sept. 12 empowering the state's Office of HIPAA Implementation to decide which state privacy laws shall be preempted by the Health Insurance Portability and Accountability Act.

The bill (S.B. 1914), signed by Gov. Gray Davis (D), was essential due to language in the state Constitution that prevents state agencies from determining whether a state law can be preempted by federal law, a power held formerly by the state legislature and state appellate court. Text in the state's health and safety code requires that all state entities affected by HIPAA must comply with the decisions of the director of CalOHI in achieving compliance with HIPAA.

According to section 1(2) of the bill, "certain federal regulations that implement [HIPAA] will supersede less stringent state laws pertaining to the privacy of personal medical information." Additionally, section 2(a) of the bill directs CalOHI to "assume statewide leadership, coordination, direction, and oversight responsibilities" for determining which provisions of state law shall be preempted by HIPAA.

The complexity of CalOHI's preemption duties are considerable, and require communication and constructive debate among numerous sources prior to submitting any preemption drafts for public view on the office's Web site.

"We've just sent out a memo to every state department that's impacted by HIPAA,"says CalOHI's staff council Stephen Stuart. The memo, Stuart says, directs those state councils to review and then comment back on specific proposals for preemption.

Fortunately, Stuart tells Eli he has a lot of help from a work group that meets monthly consisting of roughly 60 or 70 attorneys. Those attorneys aid him with the office's efforts, he says. "I get ideas from them and I also draw information from sub-workgroups."

For example, Stuart notes that one of his partners is nearly prepared to post his analyses for mental health facilities, and another of his colleagues is facilitating the inclusion of HIPAA preemption analyses from the point of view of correctional facilities.

State entities affected by HIPAA are required to assist CalOHI in determining which state laws get axed. All other state laws relating to personal medical information that are found not to be in conflict with HIPAA will "remain in full force and effect," according to the text of the bill.

An important detail to remember, Stuart claims, is that his office has no particular slant or bias that might impair its duties. "I can tell you there's no way to say, 'I'd really like to help out the providers,' or 'I'd rather help out consumers.' The [structure of the program] doesn't really allow you to make those judgment calls."

The new law takes effect Jan. 1, 2003.