Blog Post

State Laws Are Beginning To Impact HIPAA Privacy Programs

Richard P. Kusserow | November 2019
  • Results from the 2019 HIPAA Compliance Benchmark Survey Report™ provide actionable insights for providers. 
  • Some providers have already had incidents relating to state privacy laws.

In the 2019 HIPAA Compliance Benchmark Survey™ nearly two-thirds of respondents reported they had not yet felt the impact from state or local privacy laws. However, three percent reported that they had incidents relating to and/or experienced enforcement actions as result of these laws. Additionally, the survey results found that about one-third of participants were responding to state privacy laws by making changes in their information privacy programs. Catie Heindel, JD was a key developer of the survey, and was also responsible for analyzing and reporting the results.  Ms. Heindel explains that several states have enacted state specific actions and legal mandates related to patient privacy, and even more are considering similar legislation. As a result, many of her clients have requested assistance in adjusting their health information privacy program’s planning and training in anticipation of new and revised state and local laws.  Ms. Heindel warned that those with even limited operations in states with privacy laws must comply with such laws. She reminds everyone that State Attorney Generals can bring actions against organizations under most state privacy laws, and are permitted to enforce HIPAA if a breach affects individuals in their state. Attorney General enforcement under both state privacy laws and HIPAA have become an emerging trend in the past few years. She advises privacy officers to keep close tabs on changes in the regulatory landscape that impact their organization and the patients they serve.

More information on the results of the 2019 Compliance Benchmark Survey™ can be found at:

About the Author

Richard P. Kusserow established Strategic Management Services, LLC, after retiring from being the DHHS Inspector General, and has assisted over 2,000 health care organizations and entities in developing, implementing and assessing compliance programs.

Subscribe to blog