Articles

14Jul

New Texas health privacy law H.B. 300 more expansive than HIPAA

[BY LATOYA LANG]

Texas governor, Rick Perry, has signed a new health bill, H.B. 300, into law that enforces new obligations in addition to the requirements of the HIPAA privacy rule. The law, which becomes effective September 1, 2012, provides an expansive definition of a covered entity and is likely to include non-covered entities under HIPAA, including survey researchers.

Under the new law, a covered entity is defined as any entity that engages in “assembling, collecting, analyzing, using, evaluating, storing or transmitting protected health information.  A covered entity will also include an entity that “comes into possession of” or “obtains or stores” protected health information (PHI). Protected health information is defined to include “any information that reflects that an individual received health care from the covered entity; and is not public information and is not subject to disclosure” in accordance to Texas law.

The law specifically creates the following obligations:

  • Requires all employees of covered entities to undergo training on HIPAA and the Texas privacy law within 60 days of hiring;
  • Prohibits the disclosure of PHI for remuneration, unless to other covered entities for treatment, payment, operations, insurance or as required by law;
  • Requires covered entities to provide notice to individuals that their PHI is subject to electronic disclosure and obtain authorization for any electronic disclosure of PHI;
  • Mandates that health care providers must provide individuals with access to their PHI within 15 days of their request;
  • Authorizes the Texas Attorney General, Texas Health Services Authority or the Texas Department of Insurance to conduct compliance audits of covered entities that have consistently violated the Texas law; and
  • Creates an obligation for the Texas Health Services Authority to develop privacy and security stands for the electronic sharing of PHI.

In light of the new obligations under this law, drafting agreements which specify the relationship and responsibilities all parties is very important when engaging in any potential transaction involving health care. The broad definitions used in this new law requires survey researchers who engage respondents for health care in the state of Texas to take appropriate steps to reasonably minimize access to health care information and begin steps to comply with obligations for the new HIPAA requirements as a business associate and the Texas law as a covered entity.

The information provided in this document is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any given laws/legislation and their impact on your particular business.

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

Areas for Improvement in Draft House Financial Privacy Legislation

Areas for Improvement in Draft House Financial Privacy Legislation

The House Financial Services Committee plans to discuss draft legislation to reform the privacy prov...

Read More >
Clarifications from Colorado Attorney General Would Ease Insights Industry Compliance with Colorado Privacy Act

Clarifications from Colorado Attorney General Would Ease Insights Industry Compliance with Colorado Privacy Act

With Colorado’s new comprehensive privacy law coming into effect this summer, the Insights Associat...

Read More >
Lawsuit Against New Minors Privacy Law in California

Lawsuit Against New Minors Privacy Law in California

An internet industry association has sued to enjoin and invalidate a new minors privacy law, the Cal...

Read More >
Fighting for You: January 2023 Legislative and Regulatory Update

Fighting for You: January 2023 Legislative and Regulatory Update

As America readies for the grand finale of another football season, we are just beginning our year-l...

Read More >
Privacy for America Responds to Proposed Financial Privacy Rules from CFPB

Privacy for America Responds to Proposed Financial Privacy Rules from CFPB

In response to proposed rules from the U.S. Consumer Financial Protection Bureau (CFPB) on data acce...

Read More >
New Jersey A. 4919 - Children's Data Protection Commission

New Jersey A. 4919 - Children's Data Protection Commission

New Jersey Assemblymember Herb Conaway Jr. (D-NJ-07) introduced A. 4919, legislation modeled on the ...

Read More >
Members only Article - Please login to view