| NYS
Statute |
HIPAA
Regulation (45 CFR Parts 160, 164) |
Preemption
Analysis |
| Civil
Practice Law and Rules Section 2302: Subpoenas |
| CPLR
2302 (a): Subpoenas may be issued without a court order by the
clerk of the court, a judge where there is no clerk, the attorney general,
an attorney of record for a party to an action, an administrative proceeding
or an arbitrator.....provided, however, that a subpoena to compel production
of a patient's clinical record maintained pursuant to the provisions of
section 33.13 of the MHL shall be accompanied by a court order... |
§164.501:
Required by law means a mandate contained in law that
compels a covered entity to make a use or disclosure of protected health
information and that is enforceable in a court of law. Required by law includes,
but is not limited to, court orders and court ordered warrants, subpoenas
or summons issued by a court, grand jury, a governmental or tribal inspector
general, or an administrative body authorized to require the production
of information; a civil or an authorized investigative demand; Medicare
conditions of participation with respect to health care providers participating
in the program; and statutes or regulations that require the production
of information, including statutes or regulations that require such information
if payment is sought under a government program providing public benefits.
§164.512(a): A covered entity may use or disclose PHI
to the extent that such use or disclosure is required by law and the use
or disclosure complies with and is limited to the relevant requirements
of such law.
|
No Preemption
State law applies, since it is more stringent by preventing disclosure without
an accompanying court order, which can only be made after specific findings
have been made. |
| Penal
Law Section 400: Firearms |
| Penal Law
§400(4) Investigation. Before a license( to possess or
deal in firearms) is issued or renewed, there shall be an investigation
of all statements required in the application by the duly constituted police
authorities of the locality where such application is made. For that purpose,
the records of the appropriate office of the department of mental hygiene
concerning previous or present mental illness of the applicant shall be
available for inspection by the investigating officer of the police authority....Upon
completion of the investigation, the police authority shall report the results
to the licensing officer without unnecessary delay. |
§164.501:
Required by law means a mandate contained in law that
compels a covered entity to make a use or disclosure of protected health
information and that is enforceable in a court of law. Required by law includes,
but is not limited to, court orders and court ordered warrants, subpoenas
or summons issued by a court, grand jury, a governmental or tribal inspector
general, or an administrative body authorized to require the production
of information; a civil or an authorized investigative demand; Medicare
conditions of participation with respect to health care providers participating
in the program; and statutes or regulations that require the production
of information, including statutes or regulations that require such information
if payment is sought under a government program providing public benefits.
§164.512(a): A covered entity may use or disclose PHI
to the extent that such use or disclosure is required by law and the use
or disclosure complies with and is limited to the relevant requirements
of such law.
§164.512(f) Disclosures for law enforcement purposes.
A covered entity may disclose PHI: (i) as required by law including laws
that require the reporting of certain types of wounds...(ii) In compliance
with and as limited by the relevant requirements of..(C) an administrative
request..., provided that: (1) the information sought is relevant and
material to a legitimate law enforcement inquiry; (2) the request is specific
and limited in scope to the extent reasonably practicable in light of
the purpose for which the information is sought; and (3) De-identified
information could not reasonably be used.
Preamble: "The importance and legitimacy of law enforcement
activities are beyond question, and they are not at issue in this regulation.
We permit disclosure of protected health information to law enforcement
officials without authorization in some situations precisely because of
the importance of these activities to public safety." (P. 82678:3)
|
No Preemption:
Because of the nexus between the need for the disclosure by law enforcement
and public safety, State law and the HIPAA Privacy regulation are consistent
and State law applies. Additionally, though not legally necessary, it is
possible that through the application process the individual is authorizing
this disclosure. |
| Labor
Law Sections 458,459: Explosives |
| Labor Law
§458(5): Before a license or certificate (to deal in explosives)
is issued, the Commissioner of Labor shall have the authority to request
and receive from any department, division, board, bureau, commission or
agency of the state or local government thereof such assistance and information
as will enable him properly and effectively to carry out his powers and
duties under this article.
Labor Law §459 (1): A license or certificate (to deal in explosives)
may be denied where the Commissioner of Labor has probably reason to believe...after
due investigation...that the applicant...has been confined as a patient
or inmate in a public or private institution for the treatment of mental
diseases...
|
§164.501:
Required by law means a mandate contained in law that
compels a covered entity to make a use or disclosure of protected health
information and that is enforceable in a court of law. Required by law includes,
but is not limited to, court orders and court ordered warrants, subpoenas
or summons issued by a court, grand jury, a governmental or tribal inspector
general, or an administrative body authorized to require the production
of information; a civil or an authorized investigative demand; Medicare
conditions of participation with respect to health care providers participating
in the program; and statutes or regulations that require the production
of information, including statutes or regulations that require such information
if payment is sought under a government program providing public benefits.
§164.512(a): A covered entity may use or disclose PHI
to the extent that such use or disclosure is required by law and the use
or disclosure complies with and is limited to the relevant requirements
of such law.
§164.512(f) Disclosures for law enforcement purposes.
A covered entity may disclose PHI: (i) as required by law including laws
that require the reporting of certain types of wounds...(ii) In compliance
with and as limited by the relevant requirements of..(C) an administrative
request..., provided that: (1) the information sought is relevant and
material to a legitimate law enforcement inquiry; (2) the request is specific
and limited in scope to the extent reasonably practicable in light of
the purpose for which the information is sought; and (3) De-identified
information could not reasonably be used.
Preamble: "The importance and legitimacy of law enforcement
activities are beyond question, and they are not at issue in this regulation.
We permit disclosure of protected health information to law enforcement
officials without authorization in some situations precisely because of
the importance of these activities to public safety." (P. 82678:3)
|
No Preemption:
Because of the nexus between the need for the disclosure by law enforcement
and public safety, State law and the HIPAA Privacy regulation are consistent
and State law applies. Additionally, though not legally necessary, it is
possible that through the application process the individual is authorizing
this disclosure |
