dissenting.
I respectfully dissent.
In 2005, the General Assembly amended the Official Code of Georgia by inserting a new Code section, OCGA § 9-11-9.2, for the purpose of improving “defendants’ access to plaintiffs’ health information in medical malpractice cases____” Ga. L. 2005, p. 1; pp. 4-5, § 4. At issue in this case is whether OCGA § 9-11-9.2 is preempted by a federal law designed to protect health information privacy known as the Health Insurance Portability and Accountability Act of 1996 (HIPAA).27
When Linda Queen filed her medical malpractice action against Northlake Medical Center (Northlake), OCGA § 9-11-9.2 provided that Queen was required to file a medical authorization with the *516complaint authorizing Northlake’s attorney to obtain Queen’s “protected health information” from physicians or health care facilities to facilitate Northlake’s investigation, evaluation and defense of the malpractice claim. OCGA§ 9-11-9.2 (a) further provides that failure to provide the authorization subjects the complaint to dismissal. As the majority opinion clearly shows, Queen (or her attorneys) deliberately chose to subject her malpractice complaint to a dismissal motion by filing a medical authorization with the complaint that was not in compliance with OCGA § 9-11-9.2, but which stated to the contrary that Queen would not authorize Northlake’s attorney to obtain her protected health information because OCGA § 9-11-9.2 was preempted by HIPAA. When Northlake moved for dismissal of the complaint under OCGA § 9-11-9.2 (a) on the basis that Queen failed to file the required medical authorization with the complaint, the trial court agreed that HIPAA preempted the requirements of OCGA § 9-11-9.2 and denied the motion to dismiss.. Contrary to the majority opinion which affirms the trial court, I find that OCGA § 9-11-9.2 was not preempted by HIPAA and that Queen’s failure to comply with OCGA § 9-11-9.2 entitled Northlake to dismissal of the complaint.
The caption and body of OCGA § 9-11-9.2 provide as follows:
§ 9-11-9.2. Medical authorization forms; review of protected health information
(a) In any action for damages alleging medical malpractice against a professional licensed by the State of Georgia and listed in subsection (d) of Code Section 9-11-9.1, against a professional corporation or other legal entity that provides health care services through a professional licensed by the State of Georgia and listed in subsection (d) of Code Section 9-11-9.1, or against any licensed health care facility alleged to be liable based upon the action or inaction of a health care professional licensed by the State of Georgia and listed in subsection (d) of Code Section 9-11-9.1, contemporaneously with the filing of the complaint, the plaintiff shall be required to file a medical authorization form. Failure to provide this authorization shall subject the complaint to dismissal.
(b) The authorization shall provide that the attorney representing the defendant is authorized to obtain and disclose protected health information contained in medical records to facilitate the investigation, evaluation, and defense of the claims and allegations set forth in the complaint which pertain to the plaintiff or, where applicable, the *517plaintiffs decedent whose treatment is at issue in the complaint. This authorization includes the defendant’s attorney’s right to discuss the care and treatment of the plaintiff or, where applicable, the plaintiffs decedent with all of the plaintiffs or decedent’s treating physicians.
(c) The authorization shall provide for the release of all protected health information except information that is considered privileged and shall authorize the release of such information by any physician or health care facility by which health care records of the plaintiff or the plaintiffs decedent would be maintained.
The provisions of OCGA § 9-11-9.2 were part of a package of civil justice and health care reforms enacted in 2005 in response to a crisis discerned by the General Assembly in the provision and quality of health care in Georgia. As stated in Section 1 of the Act:
The General Assembly finds that there presently exists a crisis affecting the provision and quality of health care services in this state. Hospitals and other health care providers in this state are having increasing difficulty in locating liability insurance and, when such hospitals and providers are able to locate such insurance, the insurance is extremely costly. The result of this crisis is the potential for a diminution of the availability of access to health care services and a resulting adverse impact on the health and well-being of the citizens of this state. The General Assembly further finds that certain civil justice and health care regulatory reforms as provided in this Act will promote predictability and improvement in the provision of quality health care services and the resolution of health care liability claims and will thereby assist in promoting the provision of health care liability insurance by insurance providers.
Ga. L. 2005, pp. 1-2, § 1. As part of this reform Act, OCGA § 9-11-9.2 promotes efficient resolution of medical malpractice claims by requiring the plaintiff to file a written medical authorization form with the complaint which allows the defendant’s attorney to immediately “obtain and disclose [the plaintiffs] protected health information contained in medical records to facilitate the investigation, evaluation, and defense of the claims and allegations set forth in the complaint — ” OCGA§ 9-11-9.2 (b). By stating that the authorization includes the defendant’s attorney’s right to discuss the plaintiffs medical care and treatment with the plaintiffs treating physicians, and that it authorizes physicians or health care facilities to release *518the plaintiffs protected health information, the statute also encourages use of the authorization form as a means of conducting informal discovery. OCGA § 9-11-9.2 (b), (c). Although nothing in the statute requires physicians to engage in éx parte discussions with the defendant’s attorney as part of informal discovery, the statute promotes ex parte discussions to facilitate timely and cost-efficient resolution of claims.
In construing the meaning and operation of OCGA§ 9-11-9.2, we presume that the General Assembly enacted the statute with knowledge of and with reference to existing law. “Newer statutes are construed in connection and in harmony with existing laws because all statutes are presumed to be enacted by the legislature with full knowledge of the existing condition of the law and with reference to it; they are to be construed in connection and in harmony with the existing law.” Lamad Ministries v. Dougherty County Bd. of Tax Assessors, 268 Ga. App. 798, 801 (602 SE2d 845) (2004). When OCGA § 9-11-9.2 was enacted, existing Georgia law provided that, although a patient has a privacy right in his or her medical records, the right is not absolute and it is “waived to the extent that the patient places his care and treatment or the nature and extent of his injuries' at issue in any civil or criminal proceeding.” OCGA § 24-9-40 (a); Orr v. Sievert, 162 Ga. App. 677, 678-680 (292 SE2d 548) (1982); compare King v. State, 272 Ga. 788, 789-794 (535 SE2d 492) (2000). As we explained in Orr, the existing Georgia law provided that:
Once a patient places his care and treatment at issue in a civil proceeding, there no longer remains any restraint upon a doctor in the release of medical information concerning the patient within the parameters of the complaint. To hold otherwise would allow a patient to restrain a doctor who possesses the most relevant information and opinions from responding to inquiries as to such information or giving such opinions without a written authorization, court order, or subpoena.
Orr, 162 Ga.App. at 679-680.Accordingly, when OCGA § 9-11-9.2 was enacted existing Georgia law provided that, by filing a medical malpractice complaint, the plaintiff waived the right to privacy in the plaintiffs medical records •— without the necessity of waiver by a written medical authorization — to the extent the complaint placed the plaintiffs medical care and treatment or the nature and extent of the plaintiffs injuries at issue in the civil action.
It follows that, when the General Assembly enacted OCGA § 9-11-9.2, there was no necessity under existing Georgia law to require that the plaintiff file a written medical authorization with the *519complaint to establish a waiver of the plaintiffs privacy rights in relevant medical records. There was such a necessity, however, under existing federal law in HIPAA. To implement HIPAA privacy standards with respect to health information, regulations were promulgated under title 45 of the Code of Federal Regulations, which are collectively known as the HIPAA “Privacy Rule.” The Privacy Rule defines and protects “individually identifiable health information,” and then specifically refers to this information throughout the Rule as “protected health information.” 45 CFR § 160.103. The type of health information a defendant’s attorney is authorized to obtain about a plaintiff pursuant to OCGA § 9-11-9.2 qualifies as “protected health information” under the HIPAAPrivacy Rule. 45 CFR § 160.103. Although there are various circumstances under the Privacy Rule where no written authorization is required for use or disclosure of “protected health information,” none of those circumstances applies in this case. Accordingly, when OCGA § 9-11-9.2 was enacted, the HIPAA Privacy Rule required that a written authorization be obtained from the plaintiff for a health care provider to disclose the plaintiffs “protected health information” to the defendant’s attorney under the statute. 45 CFR §§ 164.502 (a); 164.508. Moreover, with certain exceptions, the HIPAA Privacy Rule made clear that it preempted contrary state law, defined as situations where compliance with both state and federal requirements would be impossible, or where the state law “stands as an obstacle to the accomplishment and execution of the full purposes and objectives” of HIPAA. 45 CFR §§ 160.202; 160.203.
As stated above, when OCGA§ 9-11-9.2 was enacted in 2005, we presume that the General Assembly had knowledge that, contrary to existing Georgia law, the existing HIPAA Privacy Rule required a written authorization for disclosure of “protected health information” pursuant to OCGA § 9-11-9.2 and that, unless OCGA § 9-11-9.2 required a HIPAA-compliant written authorization, the statute would be preempted by HIPAA. Lamad Ministries, 268 Ga. App. at 801. There is ample reason to apply this presumption and conclude that the General Assembly considered the HIPAA requirements when it enacted OCGA § 9-11-9.2. First, because there was no necessity for a written authorization under existing Georgia law, it stands to reason that the General Assembly had HIPAA in mind when it required a written authorization under OCGA § 9-11-9.2. Second, OCGA§ 9-11-9.2 twice uses the term “protected health information” to refer to the information to be disclosed pursuant to the required written authorization. OCGA § 9-11-9.2 (b), (c). As set forth above, the HIPAA Privacy Rule defines and protects “individually identifiable health information,” and thereafter repeatedly refers to this information by the term “protected health information.” 45 CFR § 160.103. In fact, *520the section of the Privacy Rule which sets forth the core elements for a HIPAA-compliant written authorization provides that: “Except as otherwise permitted or required by this subchapter, a covered entity may not use or disclose protected health information without an authorization that is valid under this section.” 45 CFR § 164.508 (a) (emphasis supplied). Third, the provisions of OCGA § 9-11-9.2 describing the required written authorization are consistent with the core elements of a valid written authorization under HIPAA as set forth in 45 CFR § 164.508 (c), and nothing in the statute prevents a plaintiff from incorporating those elements in the authorization. Those core elements are set forth in the Privacy Rule as follows:
(i) A description of the information to be used or disclosed that identifies the information in a specific and meaningful fashion.
(ii) The name or other specific identification of the person(s), or class of persons, authorized to make the requested use or disclosure.
(iii) The name or other specific identification of the person(s), or class of persons, to whom the covered entity may make the requested use or disclosure.
(iv) A description of each purpose of the requested use or disclosure. The statement “at the request of the individual” is a sufficient description of the purpose when an individual initiates the authorization and does not, or elects not to, provide a statement of the purpose.
(v) An expiration date or an expiration event that relates to the individual or the purpose of the use or disclosure. The statement “end of the research study,” “none,” or similar language is sufficient if the authorization is for a use or disclosure of protected health information for research, including for the creation and maintenance of a research database or research repository.
(vi) Signature of the individual and date. If the authorization is signed by a personal representative of the individual, a description of such representative’s authority to act for the individual must also be provided.
*52145 CFR § 164.508 (c) (1). In addition to the above core elements, the Privacy Rule requires that the authorization give notice of the right to revoke the authorization in writing. 45 CFR § 164.508 (c) (2).
The provisions of OCGA § 9-11-9.2 are consistent with all of the above core elements. The written authorization required under the statute specifically and meaningfully identifies the information to be disclosed by stating that it is protected health information of the plaintiff that “facilitate [s] the investigation, evaluation, and defense of the claims and allegations set forth in the complaint which pertain to the plaintiff....” OCGA § 9-11-9.2 (b). The statute cannot be fairly read, as the majority opinion contends, to authorize disclosure of the plaintiffs health information unrelated to the claims in the medical malpractice complaint. Moreover, reading OCGA § 9-11-9.2 in harmony with existing Georgia law makes clear that the General Assembly did not intend the expansive reading given to the statute by the majority opinion. OCGA § 24-9-40 (a); Orr, 162 Ga. App. at 678-680. As to other core elements, the statute identifies the persons disclosing and receiving the information, and describes the purpose for which the disclosed information is to be used. As to the core element requiring an expiration date or event that relates to the purpose of the use or disclosure, the provision in the statute that the information is disclosed to “facilitate the investigation, evaluation, and defense of the claims and allegations set forth in the complaint . . .” provides for an expiration event — the resolution or dismissal of the civil action commenced by the complaint. Finally, the statute clearly calls for the plaintiffs signature on a written authorization which takes effect on the date it is contemporaneously filed with the complaint. Because the provisions of OCGA § 9-11-9.2 are consistent with and not contrary to the core elements of a HIPAAcompliant authorization, there is no basis for finding that HIPAA preempts the statute. 45 CFR §§ 160.202; 160.203.
Although OCGA § 9-11-9.2 says nothing about the additional HIPAA requirement of notice of the right to revoke the authorization, the statute does not prevent a plaintiff from revoking the required authorization after it has been filed with the complaint. The HIPAA Privacy Rule provides that an individual may revoke an authorization in writing at any time, except where the physician or other entity disclosing protected health information pursuant to the authorization has taken action in reliance thereon, and in other cases dealing with authorizations provided as a condition of obtaining insurance coverage. 45 CFR § 164.508 (b) (5). These exceptions to the right to revoke would not preclude a plaintiff from revoking the authorization during the pendency of the complaint to prevent disclosure of information not previously disclosed pursuant to the authorization. However, if a plaintiff exercises the right under HIPAA to revoke an *522authorization filed with the complaint as required by OCGA § 9-11-9.2, revocation would be the equivalent of failure to provide the required authorization and would subject the medical malpractice action to dismissal pursuant to OCGA § 9-11-9.2 (a). Giving notice of the right to revoke a HIPAA-compliant authorization for disclosure of protected health information makes clear to the individual giving the authorization that additional disclosure of information can be stopped at any time by revocation before the date or event on which the authorization would expire. A plaintiff required by OCGA § 9-11-9.2 to file a medical authorization as a condition of filing and maintaining the complaint has notice of the right to stop additional disclosure of protected health information at any time by dismissing the complaint and thereby accelerating the expiration event for the authorization. Under the circumstances, notice of the right to dismiss the complaint at any time and cause the authorization to expire provides the equivalent of notice of the right to revoke the authorization at any time. Because the provisions of OCGA § 9-11-9.2 are consistent with and not contrary to the HIPAA Privacy Rule requirement for notice of the right to revoke the authorization, HIPAA does not preempt the statute. 45 CFR §§ 160.202; 160.203.
Decided July 13, 2006. Troutman Sanders, Daniel S. Reinhardt, Michael E. Johnson, Weinberg, Wheeler, Hudgins, Gunn & Dial, Alan M. Maxwell, JohnM. Hawkins, for appellant. Carter & Tate, Mark A. Tate, Nall & Miller, Robert L. Goldstucker, Benjamin S. Persons TV, Richard Kopelman, for appellee. Love, Willingham, Peters, Gilleland & Monyak, Allen S. Willing-ham, Robert P. Monyak, Robertson, Bodoh & Nasrallah, Matthew G. Nasrallah, amici curiae.Pub. L. 104-191, codified in various sections of the United States Code.