This is surprising. Are these databases not considered HIPAA covered entities? If they are not, is the state government itself forcing physicians and pharmacists to violate HIPAA by sharing medical and prescription information with a non covered entity? Officially, you can only share data with other entities for "treatment, payment, and operations". I don't see how law enforcement can access medical records without either a HIPAA release or a warrant.
