Relates to the privacy of individually identifiable health information means, with respect to a State law, that the State law has the specific purpose of protecting the privacy of health information or affects the privacy of health information in a direct, clear, and substantial way.
Comment: One comment criticized the definition of this term as too narrow in scope and too uncertain. The commenter argued that determining the specific purpose of a state law may be difficult and speculative, because many state laws have incomplete, inaccessible, or non-existent legislative histories. It was suggested that the definition be revised by deleting the word “specific” before the word “purpose.” Another commenter argued that the definition of this term should be narrowed to minimize reverse preemption by more stringent state laws. One commenter generally supported the proposed definition of this term.
Response: We are not accepting the first comment. The purpose of a given state enactment should be ascertainable, if not from legislative history or a purpose statement, then from the statute viewed as a whole. The same should be true of state regulations or rulings. In any event, it seems appropriate to restrict the field of state laws that may potentially trump the federal standards to those that are clearly intended to establish state public policy and operate in the same area as the federal standards. To the extent that the definition in the rules below does this, we have accommodated the second comment. We note, however, that we do not agree that the definition should be further restricted to minimize “reverse preemption,” as suggested by this comment, as we believe that state laws that are more protective of privacy than contrary federal standards should remain, in order to ensure that the privacy of individuals’ health information receives the maximum legal protection available.
