Prior to HIPPA, there was no uniformity; Statutes varied from state to state, and even from one healthcare organization to another.
If an organization was doing business in multiple states, they were subject to the rules of the state where each office was located, or by the rules of the state where the headquarters was located? Should they follow state rules and regulations, or federal guidelines? HIPAA Law provides a uniform, basic level of security and privacy throughout the country.
Some of the HIPPA laws are easy to understand but, many of the regulations are subjective and specific to certain cases. Basically, a healthcare provider needs to examine the requirements, take a look at current way things are being handled, particularly the personal health information, and apply the regulations in a way that makes the most sense. But keep in mind in areas where existing state law is stricter, those local statutes take precedence over any similar HIPAA laws.