HIPAA Regulations for Medical Care
The HIPAA privacy regulation is based on four key concepts:
the covered entity;
protected health information (PHI);
the patient's control over the release of PHI; and
minimal necessary disclosure.
HIPAA preempts many state law governing access to medical records unless these laws provide more protection for the patient's medical information than HIPAA. As discussed later, HIPAA does not preempt state laws that require the release of information for legal and public health and safety purposes.