HIPAA Privacy Protections and Child Abuse Reporting

Q : Texas law requires physicians to report suspected child abuse to the appropriate authority. Does the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule preempt this state law?

A : No. The HIPAA Privacy Rule permits physicians to disclose reports of child abuse or neglect to the appropriate government authority. There is no conflict between the state law and the Privacy Rule, and no preemption.

Further, even in the unusual case where a state law that requires reporting child abuse is contrary to a provision of the Privacy Rule, HIPAA's administrative simplification provisions specifically provide an exception to preemption of state law. In such cases, the state law automatically would prevail. This also applies to state laws that require reporting of disease, injury, birth, death, or information for public health surveillance, investigation, or intervention.

For more information about HIPAA, go to TMA's HIPAA resource center and the U.S. Department of Health and Human Services'  Health Information Privacy website.


NOTICE: The Texas Medical Association provides this information with the express understanding that 1) no attorney-client relationship exists, 2) neither TMA nor its attorneys are engaged in providing legal advice and 3) that the information is of a general character. This is not a substitute for the advice of an attorney. While every effort is made to ensure that content is complete, accurate and timely, TMA cannot guarantee the accuracy and totality of the information contained in this publication and assumes no legal responsibility for loss or damages resulting from the use of this content. You should not rely on this information when dealing with personal legal matters; rather legal advice from retained legal counsel should be sought.

 TMA Practice E-tips main page

Last Updated On

October 06, 2021

Originally Published On

March 23, 2010

Related Content

HIPAA | Risk Management