State health authorities cannot use HIPAA to withhold information covered by public information laws, a Texas appeals court ruled, according to the Associated Press (AP).

Texas mental health officials cited HIPAA for refusing to release assault statistics from state mental health facilities to reporters. The ruling means that Texas public information laws override HIPAA privacy protections. That pleases advocates concerned officials would use HIPPA to shield state agencies from public oversight.

"This opinion gives important guidance to every Texas governmental body that is faced with a public information request for medical information where HIPAA applies,” a spokesman for the state attorney general told the AP.

COMMENTS:

The interaction between HIPAA and state law is a complex one that has many people confused. The Texas Court reached the correct conclusion in this case because HIPAA does not over-ride state laws that REQUIRE disclosure of information. HIPAA does over-ride state laws that merely "permit" disclosure.

As an example: many state laws require hospitals to report gun shot wounds to the local police and specify the elements to be reported. The hospital must provide the mandated elements, but may NOT permit access to the medical record unless the statute requires it. If state law merely says that the hospital "may" provide access to the medical record, this is permissive language and not mandated disclosure and HIPAA would not allow access to the record without complying with other terms of the law for consent.

ANOTHER POINT IN THIS CASE: It is not clear from the article whether the requested information would fall under HIPAA in the first place. If the request was for statistical data -- how many times patients and staff were assaulted -- this is not likely to involve any protected health information(PHI). Aggrigated data that is "disidentified" or purged of PHI elements would not come under HIPAA restrictions.