I need the answer for this question. What law protects medical records?
Is the answer common law, statutory law, or equity?
On a Federal level, to be precise, the Health Insurance Portability and Accountability Act. Most States enjoy their own laws as well, which may be more restrictive.
I would vote Common Law.
Since Congress has clearly mandated that HIPAA "shall supersede any contrary provision of state law," within is no option for abiding by only state law instead of HIPAA. 42 U.S.C. § 1320d-7(a)(1) (implemented at 45 C.F.R. § 160.203). Where your state's protections for PHI are smaller number stringent than HIPAA, your state's laws are contrary to HIPAA - it would be impossible to release the PHI under the state law short violating HIPAA. Therefore, you should always comply with HIPAA's provisions governing disclosure of PHI surrounded by response to a civil subpoena, see 45 C.F.R. 164.512(e), in any type of civil case if your state's protections for PHI are weaker than those offered by HIPAA. This applies in suits brought underneath either state or Federal law.
Federal HIPPA protects your rights as a patient and have instituted strict rules in allowing others to view your records.