2019 HIPAA Software


HIPAA Checklist

Other Resources

Last updated

HIPAA vs State Law for Medical Record Access

Federal HIPAA law mandates a 30-day period for accessing medical records. Once a patient requests their medical record, the healthcare provider has 30 days to furnish it. Some states however have laws that are stronger - that is, the time period is shorter than 30 days. Other states have a longer time period so are weaker and federal HIPAA law prevails. Yet other states have no specific law for this access period - in this case federal HIPAA law of 30 days prevails. Yet certain states have laws that govern only specific entities, in which case federal HIPAA applies to the covered entities (CAs). The following chart shows where each state stands compared to HIPAA.

  • Stronger = < 30 days, state law applies
  • Same = 30 days
  • Weaker = > 30 days, HIPAA applies
  • None = no state law, HIPAA applies
  • CAs = HIPAA applies to covered entities, state law applies for entities not covered under HIPAA

State Stronger Same Weaker None CAs
Alabama X
Alaska X
Arizona X
Arkansas X
California X
Colorado X
Connecticut X
Delaware X
Florida X
Georgia X
Hawaii X
Idaho X
Illinois X
Iowa X
Kansas X
Kentucky X
Louisiana X
Maine X
Maryland X
Massachusetts X
Michigan X
Minnesota X
Mississippi X
Missouri X
Montana X
Nebraska X
Nevada X
New Hampshire X
New Jersey X
New Mexico X
New York X
North Carolina X
North Dakota X
Ohio X
Oklahoma X
Oregon X
Pennsylvania X
Rhode Island X
South Carolina X
South Dakota X
Tennessee X
Texas X
Utah X
Vermont X
Virginia X
Washington X
West Virginia X
Wisconsin X
Wyoming X

This website uses cookies, like everyone else. More info. OK