go to University of Miami home page
go to site home pagego to reports pagego to laws and regulations pagego to glossary indexgo to FAQ indexgo to training matls indexgo to web links pagego to bibliography pagego to contact directory page

Home > Training Index >



Health Privacy Protections Under Florida Law


State laws that are more protective of health privacy take precedence over -- or, to use the legal term, preempt -- the federal requirements under HIPAA. (See Health Privacy Protections Under Federal Law.)

Citizens of this state already have a general right to privacy in health care, under the provisions of the Florida Patients Bill of Rights and Responsibilities (among other laws).

Florida laws provide that:

  • patients are entitled to a general written summary (notice) of their rights, from health care providers and facilities in which they receive treatment;
  • those rights include the ability to gain access to and obtain copies of their health records (except for details of psychiatric records);
  • disclosures of information beyond the practitioners and facilities involved in a patient's treatment generally require written authorization; and
  • holders of health records must maintain a record of all disclosures to third parties, including the purpose of the exchange.

Disease- and condition-specific rules for protection and disclosure also obtain for cancer, genetic-testing, HIV/AIDS, mental health, STDs and substance abuse, among others.

Florida provider responsibilities

Health care providers and facilities in Florida must:

  • adopt policies and procedures to ensure the confidentiality and security of medical records consistent with state law; and
  • generally respect patients' rights to privacy “to the extent consistent with providing adequate medical care to the patient and with the efficient administration of the health care facility or provider's office....”

Those that fail to do so are subject to civil and criminal sanctions, just as under HIPAA.

Unlike with HIPAA, there is no state requirement for a privacy officer, nor for workforce education on privacy issues. Which is why many providers and patients are unaware of what the state's laws already require.


see also:

last modified: 10-Feb-2003 [RC]


<< Back | P/DP Home | Training Index | Site Help | Search
  Privacy Policy Copyright Disclaimer Contact Info