Covered entities subject to these rules are also subject to other federal statutes and regulations. For example, federal programs must comply with the statutes and regulations that govern them. Pursuant to their contracts, Medicare providers must comply with the requirements of the Privacy Act of 1974. Substance abuse treatment facilities are subject to the Substance Abuse Confidentiality provisions of the Public Health Service Act, section 543 and its regulations. And, health care providers in schools, colleges, and universities may come within the purview of the Family Educational Rights and Privacy Act. Thus, covered entities will need to determine how the privacy regulation will affect their ability to comply with these other federal laws.
Many commenters raised questions about how different federal statutes and regulations intersect with the privacy regulation. While we address specific concerns in the response to comments later in the preamble, in this section, we explore some of the general interaction issues. These summaries do not identify all possible conflicts or overlaps of the privacy regulation and other federal laws, but should provide general guidance for complying with both the privacy regulation and other federal laws. The summaries also provide examples of how covered entities can analyze other federal laws when specific questions arise. HHS may consult with other agencies concerning the interpretation of other federal laws as necessary.