Texas Enacts a New Patient Privacy Law


August 25, 2011

Texas Enacts a New Patient Privacy Law that is More Stringent than HIPAA

Michael J. Sacopulos, JD

 

Recently, Texas House Bill 300 was signed into law by Texas Governor Rick Perry.  The new law, which will become effective on September 1, 2012, expands privacy rights of patients beyond those contained in the HIPAA privacy standards. The law was created in order to better secure patients’ protected health information (PHI) that is sent electronically.

Notably, the new law bans the for profit sale of PHI, requires employees of covered entities to undergo training regarding health privacy law, requires that health care providers supply individuals with access to their PHI within 15 days of a request, increases penalties for the wrongful electronic disclosure of PHI, and requires the Texas Health Services Authority to develop privacy and security standards for the electronic sharing of PHI.  Also, the Office of the Attorney General must create a complaint system and maintain a website that includes patients’ medical privacy rights under federal and state law.

House Bill 300 received the support of the Texas Medical Association, which is a physician advocacy group representing over 45,000 physicians in Texas.