An important step toward compliance with the Privacy Rule is determining the state law requirements with which covered entities must comply and the state law requirements which are preempted by the HIPAA Privacy Rule. State law means a constitution, statute, regulation, rule, common law or other state action having the force and effect of law. 45 CFR § 160.202. For purposes of this analysis, the subject is certain of the state laws of the Commonwealth of Pennsylvania.