• Call Us: +1 833 990 1500 (Toll Free) (Mon - Fri, 7am - 3pm EST)
  • Email Us: info@medical-webinars.com

HIPAA Disclosures as Required by Law – by What Law? How do I know ‘That Law?’

02/27/2026
Live Webinar
39 day
12 hr
25 min
12 sec
HIPAA Disclosures as Required by Law - by What Law? How do I know ‘That Law?’

The HIPAA Privacy Rule sets national standards for the protection of individuals’ protected health information (PHI) held by “covered entities” such as health care providers, health plans, and health care clearinghouses.

While the Privacy Rule generally prohibits uses or disclosures of PHI without patient authorization, it also recognizes that other laws may legitimately require or permit such disclosures without individual consent.

One of the key challenges for covered entities is determining how state law requirements interact with HIPAA’s standards. Some state laws require patients’ informed consent before a provider can use or disclose their health information. Covered entities may wonder whether the HIPAA Privacy Rule overrides or preempts these state protections.

The Health and Human Services office clarifies that HIPAA does not take away state law protections and that covered entities may still obtain and must comply with state consent requirements where they exist. HIPAA does not prohibit a covered entity from obtaining an individual’s consent before using or disclosing PHI nor does it create a barrier to complying with a state law that mandates consent for such disclosures. In effect, state laws that provide greater privacy protections than HIPAA remain valid, and covered entities must honor them alongside HIPAA’s own requirements.

Another important situation involves disclosures to Protection and Advocacy (P&A) systems. Under federal statutes such as the Developmental Disabilities Assistance, Bill of Rights Act, and the Protection and Advocacy for Individuals with Mental Illness Act, states designate Protection and Advocacy systems to safeguard the rights of individuals with certain disabilities.

These laws require access to records in specific circumstances, such as investigating abuse, neglect, or violations of rights. HIPAA’s Privacy Rule recognizes that when a federal, state, or other law mandates such disclosures, covered entities may release PHI without the individual’s authorization to the designated P&A system — to the extent that the disclosure is required by that law and complies with its requirements.

Importantly, when a disclosure is “required by law” — whether by federal statute or a state requirement — the usual HIPAA minimum necessary standard does not limit the scope of information that may be disclosed if the governing law dictates the extent of the disclosure. Covered entities cannot use HIPAA as a reason to refuse to comply with other legal obligations: if another law compels a disclosure of PHI, the covered entity must comply with that law’s terms while also applying HIPAA’s safeguards and procedural requirements where appropriate.

In summary, HIPAA’s Privacy Rule establishes baseline protections for PHI, but it also anticipates and accommodates the existence of other laws that may require disclosures without patient authorization. Covered entities must be able to identify when such laws apply — whether state consent laws or federal statutes regarding Protection and Advocacy systems — and ensure that PHI is disclosed in conformity with both HIPAA and the applicable law.

Areas Covered in the Session

  • HIPAA Privacy Rule and the general rule against unauthorized PHI disclosures
  • How state laws interact with HIPAA disclosure requirements
  • Whether HIPAA preempts or overrides state laws
  • Federal statutes that mandate disclosures to Protection and Advocacy systems
  • Definition of ‘required by law’
  • HIPAA’s minimum necessary: where it does and does not apply
  • Compliance considerations
  • Examples Under State Law for Duty to Warn and Duty to Report Child or Adult Abuse or Neglect

Why should you Attend?

Any healthcare practitioner may at one point or another be required to disclose certain PHI according to federal or state law; this webinar helps guide you through it.

Who will Benefit?

All healthcare workers

Date: 02/27/2026

Time: 12:00 pm - 1:00 pm (EST)

Reg. deadline: 02/26/2026

Venue: Live Webinar

Enrollment option

Speaker

Mark R. Brengelman
Mark holds Bachelor’s and Master’s degrees in Philosophy from Emory University and a Juris Doctorate from the University of Kentucky. Retiring as an Assistant Attorney General, he now represents: health care professionals; two government health care licensure boards; a government ethics commission, and; parents and kids in confidential child abuse and neglect cases, termination of…
Show More

Related Events

The Future of Telehealth
Compliance Webinars
Live Webinar

The Future of Telehealth

Telehealth completely changed in 2020 when the Public Health Emergency was put into effect. Now in 2025, many of those temporary changes are expiring and the telehealth business has exploded. These methods of communication between provider and patient are loved by many, and the convenience of telehealth in healthcare has become a common occurrence. This webinar will be reviewing the current parts of telehealth that are being considered permanent in the 2026 Physicians Fee Schedule Final Rule and the new evaluation and management services that are new codes for CPT in 2025 related to telehealth. We will find out what the do’s and don’ts of telehealth that are here to stay, as well as implementing these new codes and regulations into your practice. These new rules and codes are important to any one currently offering telehealth as well all who are considering it to add it to their practice in order to be compliant and maximize reimbursement for the services performed. Areas Covered in this Webinar The CMS Telehealth List and how to use it Medicare’s rules G codes for Medicare telehealth CPT addition of 17 codes to the E/M section for Telehealth Education for office staff Implementation on your software programs Who Will Benefit Physicians Advanced Nurses Physicians Assistant Billers Coders Compliance Managers Administrators Case Managers Claims Processors

01/20/2026
Enroll/Buy Now
HIPAA Breach Risk Assessment for Ransomware Attacks
Compliance Webinars
Live Webinar

HIPAA Breach Risk Assessment for Ransomware Attacks

HIPAA Breach Risk Assessments determine whether a Ransomware attack constitutes a HIPAA Breach that triggers Breach Notification Rule reports and notifications. A Ransomware attack is automatically presumed to be a HIPAA Breach unless you do a HIPAA Breach Risk Assessment that demonstrates the attack resulted in only a low probability of compromise to the affected protected health information (PHI). This webinar explains how to do a Ransomware HIPAA Breach Risk Assessment. The Problem Solved by this Webinar The HHS Office for Civil Rights (OCR) declared that a breach of unsecured PHI is presumed to have occurred when electronic protected health information (ePHI) is encrypted as the result of a ransomware attack on a HIPAA-regulated entity (health care provider, health plan, health care clearinghouse, or business associate). The entity must then comply with the applicable breach notification provisions, including notifying affected individuals without unreasonable delay, the Secretary of HHS, and the media (for breaches affecting over 500 individuals), in accordance with HIPAA breach notification requirements. However, it is not a breach if the ransomware-victimized entity can demonstrate that there is a low probability that the encrypted ePHI has been compromised. This webinar explains how to do that. Areas Covered in the Webinar A Breach Risk Assessment can determine whether a ransomware attack is a breach of unsecured ePHI, triggering embarrassing reports and notifications. Factors that can be applied in performing a Breach Risk Assessment. OCR’s guidance about specific factors that can demonstrate a low probability of compromise to ePHI encrypted by a ransomware attack. How to perform a Breach Risk Assessment step-by-step. How to document a Breach Risk Assessment and why you must document it. What to do if you cannot demonstrate a low probability of compromise to ePHI. Why You Should Attend This Webinar Attend this webinar to learn how to perform a Breach Risk Assessment with a special emphasis on ransomware attacks. Ransomware attacks may have only a low probability of compromising ePHI. A Breach Risk Assessment can determine whether a ransomware attack resulted only in a low probability of compromise to ePHI and provide Covered Entities and Business Associates with Documentation to overcome the presumption that the ransomware attack was a Breach.. Who Will Benefit Health Care Covered Entities HIPAA Compliance Officials – Privacy and Security Officers Chief Compliance Officer Practice Managers Health Information Technology Supervisors Risk Managers Group Health Plan Administrators Third Party Group Health Plan Administrators Covered Entity Senior Management and Owners Health Care Providers practicing as individuals or in small groups Attorneys for Covered Entities – In-house and Outside Counsel Business Associates HIPAA Compliance Officials – Privacy and Security Officers Chief Compliance Officer Business Associate Senior Management and Owners Risk Managers Attorneys for Business Associates – In-house and Outside Counsel

01/21/2026
Enroll/Buy Now
HIPAA in 2026: What Changed, What’s Coming, and What It Means for Your Organization
Compliance Webinars
Live Webinar

HIPAA in 2026: What Changed, What’s Coming, and What It Means for Your Organization

Over the last few years, the U.S. Department of Health and Human Services, Office for Civil Rights has made modifications to patient privacy requirements. The agency is on track for enhancing care coordination, empowering patients, and reducing administrative burden. In addition, on the Security Rule side, the agency released a proposed rule to overhaul significant requirements and make cybersecurity safeguards a priority. Knowing what an organization must do to meet these new regulatory requirements can be challenging. The webinar will address what has already changed in privacy, cover proposed Privacy Rule modifications, and cover the Security Rule overhaul proposals. Timeline and compliance implications will be covered. After completing this webinar, a Covered Entity or Business Associate will have a clear understanding of what has changed and what will change. Objectives Who Must Comply with HIPAA Requirements? What are the HIPAA Security and Privacy Rules? What Has Already Changed in Privacy? What are the Proposed Privacy Rule Modifications? What are the proposed Security Rule modifications? What is the Timeline & Compliance Implications? What recommendations should be followed now? Q&A Webinar Highlights Learn from an expert on the implementation of the HIPAA rules Understand what the HIPAA management process currently requires Learn how to implement these changes for your organization Who Should Attend Compliance Officer HIPAA Privacy Officer HIPAA Security Officer Medical/Dental Office Managers Practice Managers Information Systems Manager Chief Information Officer General Counsel/lawyer Practice Management Consultants Any Business Associates that access protected health information

01/26/2026
Enroll/Buy Now
Pros & Cons of Outsourcing Revenue Cycle Functions: What You Need to Consider
Compliance Webinars
Live Webinar

Pros & Cons of Outsourcing Revenue Cycle Functions: What You Need to Consider

Many providers have considered outsourcing functions in the revenue cycle. Like all businesses, some third-party companies do excellent work for providers, but there may be others that look for ways to take advantage of their provider. Outsourcing has its own pros & cons that must be carefully considered. We will review major common areas that providers must weigh strategically before making a decision whether to outsource and selecting the best partner for your needs. It is vital providers know exactly who is handling their claims and what they are doing with their information. Definitions of third-party vendors Legal responsibilities of the provider Common industry trends Important questions to ask vendors & contractors Who Will Benefit Physicians Practice managers Medical assistants Nurses Compliance staff Billers Coders Revenue Cycle Risk Management Mid level providers  

01/26/2026
Enroll/Buy Now

© 2026 Medical Webinar. All rights reserved