Limits on release of medical records. After the state hospital and state training school denied the P&A's request to access the medical records of its disabled patients, both sides sought guidance on the extent to which HIPAA and the Medicaid Act affected the disclosure requirements of the P&A Acts. The court determined that the limits on the release of protected health information found in HIPAA and the Medicaid Act do not prevent the P&A from accessing protected health information. Under HIPAA, medical records may be released when required by another law. The P&A Acts require the release of medical records in certain circumstances, satisfying requirements for release of the information under HIPAA.
The law is pretty clear. If HIPAA comes into conflict with an existing state law, in most cases the state law will have precedence. Mostly this was intended to allow states to have stronger regulations regarding privacy, but I can see where in this case the state law would need to have more juice, even though it doesn't deal directly with privacy. Lawyers.... tell me if I am mistaken!