New Texas health privacy law H.B. 300 more expansive than HIPAA - Articles

Articles

14Jul

New Texas health privacy law H.B. 300 more expansive than HIPAA

[BY LATOYA LANG]

Texas governor, Rick Perry, has signed a new health bill, H.B. 300, into law that enforces new obligations in addition to the requirements of the HIPAA privacy rule. The law, which becomes effective September 1, 2012, provides an expansive definition of a covered entity and is likely to include non-covered entities under HIPAA, including survey researchers.

Under the new law, a covered entity is defined as any entity that engages in “assembling, collecting, analyzing, using, evaluating, storing or transmitting protected health information.  A covered entity will also include an entity that “comes into possession of” or “obtains or stores” protected health information (PHI). Protected health information is defined to include “any information that reflects that an individual received health care from the covered entity; and is not public information and is not subject to disclosure” in accordance to Texas law.

The law specifically creates the following obligations:

  • Requires all employees of covered entities to undergo training on HIPAA and the Texas privacy law within 60 days of hiring;
  • Prohibits the disclosure of PHI for remuneration, unless to other covered entities for treatment, payment, operations, insurance or as required by law;
  • Requires covered entities to provide notice to individuals that their PHI is subject to electronic disclosure and obtain authorization for any electronic disclosure of PHI;
  • Mandates that health care providers must provide individuals with access to their PHI within 15 days of their request;
  • Authorizes the Texas Attorney General, Texas Health Services Authority or the Texas Department of Insurance to conduct compliance audits of covered entities that have consistently violated the Texas law; and
  • Creates an obligation for the Texas Health Services Authority to develop privacy and security stands for the electronic sharing of PHI.

In light of the new obligations under this law, drafting agreements which specify the relationship and responsibilities all parties is very important when engaging in any potential transaction involving health care. The broad definitions used in this new law requires survey researchers who engage respondents for health care in the state of Texas to take appropriate steps to reasonably minimize access to health care information and begin steps to comply with obligations for the new HIPAA requirements as a business associate and the Texas law as a covered entity.

The information provided in this document is not intended and should not be construed as or substituted for legal advice. It is provided for informational purposes only. It is advisable to consult with private counsel on the precise scope and interpretation of any given laws/legislation and their impact on your particular business.

About the Author

Howard Fienberg

Howard Fienberg

Based in Washington, DC, Howard is the Insights Association's lobbyist for the marketing research and data analytics industry, focusing primarily on consumer privacy and data security, the Telephone Consumer Protection Act (TCPA), tort reform, and the funding and integrity of the decennial Census and the American Community Survey (ACS). Howard has more than two decades of public policy experience. Before the Insights Association, he worked in Congress as senior legislative staffer for then-Representatives Christopher Cox (CA-48) and Cliff Stearns (FL-06). He also served more than four years with a science policy think tank, working to improve the understanding of scientific and social research and methodology among journalists and policymakers. Howard is also co-director of The Census Project, a 900+ member coalition in support of a fair and accurate Census and ACS. He has also served previously on the Board of Directors for the National Institute for Lobbying and Ethics and and the Association of Government Relations Professionals. Howard has an MA International Relations from the University of Essex in England and a BA Honors Political Studies from Trent University in Canada, and has obtained the Certified Association Executive (CAE), Professional Lobbying Certificate (PLC) and the Public Policy Certificate (PPC). When not running advocacy for the Insights Association, Howard enjoys hockey, NFL football, sci-fi and horror movies, playing with his dog, and spending time with family and friends.

Related

Fighting for You: November 2024 Legislative and Regulatory Update

Fighting for You: November 2024 Legislative and Regulatory Update

As leaves accumulated and election season reached a crescendo, the Insights Association welcomed the...

Read More >
FAQs on Collecting and Handling Race, Ethnicity, Sex and Other Sensitive Data

FAQs on Collecting and Handling Race, Ethnicity, Sex and Other Sensitive Data

Given the increasing focus on diversity and inclusion in society overall, market research firms are ...

Read More >
CPPA Expands California Data Broker Definition for Registry

CPPA Expands California Data Broker Definition for Registry

​​​​​​​On November 8, 2024, the California Privacy Protection Agency (CPPA) adopted new rules...

Read More >
Maryland Kids Code Now Law

Maryland Kids Code Now Law

The Maryland Age-Appropriate Design Code Act (AKA, the Maryland Kids Code) came into effect on Octob...

Read More >
KOSA and COPPA 2.0 Pass U.S. House Committee

KOSA and COPPA 2.0 Pass U.S. House Committee

Minors privacy bills, including one supported by the Insights Association, passed a key House commit...

Read More >
Data Protection Act of 2024 - S. 5170

Data Protection Act of 2024 - S. 5170

​​​​​​​The Data Protection Act (S. 5170) is comprehensive privacy legislation that would crea...

Read More >
Members only Article - Please login to view