Bill Text: TX HB300 | 2011-2012 | 82nd Legislature | Enrolled
Bill Title: Relating to the privacy of protected health information; providing administrative, civil, and criminal penalties.
Spectrum: Strong Partisan Bill (Republican 10-1)
Status: (Passed) 2011-06-17 - Effective on . . . . . . . . . . . . . . . [HB300 Detail]
Download: Texas-2011-HB300-Enrolled.html
H.B. No. 300 |
|
||
relating to the privacy of protected health information; providing | ||
administrative, civil, and criminal penalties. | ||
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: | ||
SECTION 1. Section 181.001(b), Health and Safety Code, is | ||
amended by amending Subdivisions (1) and (3) and adding | ||
Subdivisions (2-a) and (2-b) to read as follows: | ||
(1) "Commission" [ |
||
and Human Services Commission [ |
||
|
||
(2-a) "Disclose" means to release, transfer, provide | ||
access to, or otherwise divulge information outside the entity | ||
holding the information. | ||
(2-b) "Executive commissioner" means the executive | ||
commissioner of the Health and Human Services Commission. | ||
(3) "Health Insurance Portability and Accountability | ||
Act and Privacy Standards" means the privacy requirements in | ||
existence on September 1, 2011 [ |
||
Administrative Simplification subtitle of the Health Insurance | ||
Portability and Accountability Act of 1996 (Pub. L. No. 104-191) | ||
contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A | ||
and E. | ||
SECTION 2. Subchapter A, Chapter 181, Health and Safety | ||
Code, is amended by adding Section 181.004 to read as follows: | ||
Sec. 181.004. APPLICABILITY OF STATE AND FEDERAL LAW. (a) | ||
A covered entity, as that term is defined by 45 C.F.R. Section | ||
160.103, shall comply with the Health Insurance Portability and | ||
Accountability Act and Privacy Standards. | ||
(b) Subject to Section 181.051, a covered entity, as that | ||
term is defined by Section 181.001, shall comply with this chapter. | ||
SECTION 3. Section 181.005, Health and Safety Code, is | ||
amended to read as follows: | ||
Sec. 181.005. DUTIES OF THE EXECUTIVE COMMISSIONER. (a) | ||
The executive commissioner shall administer this chapter and may | ||
adopt rules consistent with the Health Insurance Portability and | ||
Accountability Act and Privacy Standards to administer this | ||
chapter. | ||
(b) The executive commissioner shall review amendments to | ||
the definitions in 45 C.F.R. Parts 160 and 164 that occur after | ||
September 1, 2011 [ |
||
the best interest of the state to adopt the amended federal | ||
regulations. If the executive commissioner determines that it is | ||
in the best interest of the state to adopt the amended federal | ||
regulations, the amended regulations shall apply as required by | ||
this chapter. | ||
(c) In making a determination under this section, the | ||
executive commissioner must consider, in addition to other factors | ||
affecting the public interest, the beneficial and adverse effects | ||
the amendments would have on: | ||
(1) the lives of individuals in this state and their | ||
expectations of privacy; and | ||
(2) governmental entities, institutions of higher | ||
education, state-owned teaching hospitals, private businesses, and | ||
commerce in this state. | ||
(d) The executive commissioner shall prepare a report of the | ||
executive commissioner's determination made under this section and | ||
shall file the report with the presiding officer of each house of | ||
the legislature before the 30th day after the date the | ||
determination is made. The report must include an explanation of | ||
the reasons for the determination. | ||
SECTION 4. Section 181.006, Health and Safety Code, is | ||
amended to read as follows: | ||
Sec. 181.006. PROTECTED HEALTH INFORMATION NOT PUBLIC. | ||
Notwithstanding Sections 181.004 and 181.051, for [ |
||
entity that is a governmental unit, an individual's protected | ||
health information: | ||
(1) includes any information that reflects that an | ||
individual received health care from the covered entity; and | ||
(2) is not public information and is not subject to | ||
disclosure under Chapter 552, Government Code. | ||
SECTION 5. Subchapter B, Chapter 181, Health and Safety | ||
Code, is amended by adding Section 181.059 to read as follows: | ||
Sec. 181.059. CRIME VICTIM COMPENSATION. This chapter does | ||
not apply to any person or entity in connection with providing, | ||
administering, supporting, or coordinating any of the benefits | ||
regarding compensation to victims of crime as provided by | ||
Subchapter B, Chapter 56, Code of Criminal Procedure. | ||
SECTION 6. Chapter 181, Health and Safety Code, is amended | ||
by adding Subchapter C to read as follows: | ||
SUBCHAPTER C. ACCESS TO AND USE OF PROTECTED HEALTH INFORMATION | ||
Sec. 181.101. TRAINING REQUIRED. (a) Each covered entity | ||
shall provide a training program to employees of the covered entity | ||
regarding the state and federal law concerning protected health | ||
information as it relates to: | ||
(1) the covered entity's particular course of | ||
business; and | ||
(2) each employee's scope of employment. | ||
(b) An employee of a covered entity must complete training | ||
described by Subsection (a) not later than the 60th day after the | ||
date the employee is hired by the covered entity. | ||
(c) An employee of a covered entity shall receive training | ||
described by Subsection (a) at least once every two years. | ||
(d) A covered entity shall require an employee of the entity | ||
who attends a training program described by Subsection (a) to sign, | ||
electronically or in writing, a statement verifying the employee's | ||
attendance at the training program. The covered entity shall | ||
maintain the signed statement. | ||
Sec. 181.102. CONSUMER ACCESS TO ELECTRONIC HEALTH RECORDS. | ||
(a) Except as provided by Subsection (b), if a health care | ||
provider is using an electronic health records system that is | ||
capable of fulfilling the request, the health care provider, not | ||
later than the 15th business day after the date the health care | ||
provider receives a written request from a person for the person's | ||
electronic health record, shall provide the requested record to the | ||
person in electronic form unless the person agrees to accept the | ||
record in another form. | ||
(b) A health care provider is not required to provide access | ||
to a person's protected health information that is excepted from | ||
access, or to which access may be denied, under 45 C.F.R. Section | ||
164.524. | ||
(c) For purposes of Subsection (a), the executive | ||
commissioner, in consultation with the Department of State Health | ||
Services, the Texas Medical Board, and the Texas Department of | ||
Insurance, by rule may recommend a standard electronic format for | ||
the release of requested health records. The standard electronic | ||
format recommended under this section must be consistent, if | ||
feasible, with federal law regarding the release of electronic | ||
health records. | ||
Sec. 181.103. CONSUMER INFORMATION WEBSITE. The attorney | ||
general shall maintain an Internet website that provides: | ||
(1) information concerning a consumer's privacy rights | ||
regarding protected health information under federal and state law; | ||
(2) a list of the state agencies, including the | ||
Department of State Health Services, the Texas Medical Board, and | ||
the Texas Department of Insurance, that regulate covered entities | ||
in this state and the types of entities each agency regulates; | ||
(3) detailed information regarding each agency's | ||
complaint enforcement process; and | ||
(4) contact information, including the address of the | ||
agency's Internet website, for each agency listed under Subdivision | ||
(2) for reporting a violation of this chapter. | ||
Sec. 181.104. CONSUMER COMPLAINT REPORT BY ATTORNEY | ||
GENERAL. (a) The attorney general annually shall submit to the | ||
legislature a report describing: | ||
(1) the number and types of complaints received by the | ||
attorney general and by the state agencies receiving consumer | ||
complaints under Section 181.103; and | ||
(2) the enforcement action taken in response to each | ||
complaint reported under Subdivision (1). | ||
(b) Each state agency that receives consumer complaints | ||
under Section 181.103 shall submit to the attorney general, in the | ||
form required by the attorney general, the information the attorney | ||
general requires to compile the report required by Subsection (a). | ||
(c) The attorney general shall de-identify protected health | ||
information from the individual to whom the information pertains | ||
before including the information in the report required by | ||
Subsection (a). | ||
SECTION 7. Subchapter D, Chapter 181, Health and Safety | ||
Code, is amended by adding Sections 181.153 and 181.154 to read as | ||
follows: | ||
Sec. 181.153. SALE OF PROTECTED HEALTH INFORMATION | ||
PROHIBITED; EXCEPTIONS. (a) A covered entity may not disclose an | ||
individual's protected health information to any other person in | ||
exchange for direct or indirect remuneration, except that a covered | ||
entity may disclose an individual's protected health information: | ||
(1) to another covered entity, as that term is defined | ||
by Section 181.001, or to a covered entity, as that term is defined | ||
by Section 602.001, Insurance Code, for the purpose of: | ||
(A) treatment; | ||
(B) payment; | ||
(C) health care operations; or | ||
(D) performing an insurance or health | ||
maintenance organization function described by Section 602.053, | ||
Insurance Code; or | ||
(2) as otherwise authorized or required by state or | ||
federal law. | ||
(b) The direct or indirect remuneration a covered entity | ||
receives for making a disclosure of protected health information | ||
authorized by Subsection (a)(1)(D) may not exceed the covered | ||
entity's reasonable costs of preparing or transmitting the | ||
protected health information. | ||
Sec. 181.154. NOTICE AND AUTHORIZATION REQUIRED FOR | ||
ELECTRONIC DISCLOSURE OF PROTECTED HEALTH INFORMATION; EXCEPTIONS. | ||
(a) A covered entity shall provide notice to an individual for whom | ||
the covered entity creates or receives protected health information | ||
if the individual's protected health information is subject to | ||
electronic disclosure. A covered entity may provide general notice | ||
by: | ||
(1) posting a written notice in the covered entity's | ||
place of business; | ||
(2) posting a notice on the covered entity's Internet | ||
website; or | ||
(3) posting a notice in any other place where | ||
individuals whose protected health information is subject to | ||
electronic disclosure are likely to see the notice. | ||
(b) Except as provided by Subsection (c), a covered entity | ||
may not electronically disclose an individual's protected health | ||
information to any person without a separate authorization from the | ||
individual or the individual's legally authorized representative | ||
for each disclosure. An authorization for disclosure under this | ||
subsection may be made in written or electronic form or in oral form | ||
if it is documented in writing by the covered entity. | ||
(c) The authorization for electronic disclosure of | ||
protected health information described by Subsection (b) is not | ||
required if the disclosure is made: | ||
(1) to another covered entity, as that term is defined | ||
by Section 181.001, or to a covered entity, as that term is defined | ||
by Section 602.001, Insurance Code, for the purpose of: | ||
(A) treatment; | ||
(B) payment; | ||
(C) health care operations; or | ||
(D) performing an insurance or health | ||
maintenance organization function described by Section 602.053, | ||
Insurance Code; or | ||
(2) as otherwise authorized or required by state or | ||
federal law. | ||
(d) The attorney general shall adopt a standard | ||
authorization form for use in complying with this section. The form | ||
must comply with the Health Insurance Portability and | ||
Accountability Act and Privacy Standards and this chapter. | ||
(e) This section does not apply to a covered entity, as | ||
defined by Section 602.001, Insurance Code, if that entity is not a | ||
covered entity as defined by 45 C.F.R. Section 160.103. | ||
SECTION 8. Section 181.201, Health and Safety Code, is | ||
amended by amending Subsections (b) and (c) and adding Subsections | ||
(b-1), (d), (e), and (f) to read as follows: | ||
(b) In addition to the injunctive relief provided by | ||
Subsection (a), the attorney general may institute an action for | ||
civil penalties against a covered entity for a violation of this | ||
chapter. A civil penalty assessed under this section may not | ||
exceed: | ||
(1) $5,000 [ |
||
one year, regardless of how long the violation continues during | ||
that year, committed negligently; | ||
(2) $25,000 for each violation that occurs in one | ||
year, regardless of how long the violation continues during that | ||
year, committed knowingly or intentionally; or | ||
(3) $250,000 for each violation in which the covered | ||
entity knowingly or intentionally used protected health | ||
information for financial gain. | ||
(b-1) The total amount of a penalty assessed against a | ||
covered entity under Subsection (b) in relation to a violation or | ||
violations of Section 181.154 may not exceed $250,000 annually if | ||
the court finds that the disclosure was made only to another covered | ||
entity and only for a purpose described by Section 181.154(c) and | ||
the court finds that: | ||
(1) the protected health information disclosed was | ||
encrypted or transmitted using encryption technology designed to | ||
protect against improper disclosure; | ||
(2) the recipient of the protected health information | ||
did not use or release the protected health information; or | ||
(3) at the time of the disclosure of the protected | ||
health information, the covered entity had developed, implemented, | ||
and maintained security policies, including the education and | ||
training of employees responsible for the security of protected | ||
health information. | ||
(c) If the court in which an action under Subsection (b) is | ||
pending finds that the violations have occurred with a frequency as | ||
to constitute a pattern or practice, the court may assess a civil | ||
penalty not to exceed $1.5 million annually [ |
||
(d) In determining the amount of a penalty imposed under | ||
Subsection (b), the court shall consider: | ||
(1) the seriousness of the violation, including the | ||
nature, circumstances, extent, and gravity of the disclosure; | ||
(2) the covered entity's compliance history; | ||
(3) whether the violation poses a significant risk of | ||
financial, reputational, or other harm to an individual whose | ||
protected health information is involved in the violation; | ||
(4) whether the covered entity was certified at the | ||
time of the violation as described by Section 182.108; | ||
(5) the amount necessary to deter a future violation; | ||
and | ||
(6) the covered entity's efforts to correct the | ||
violation. | ||
(e) The attorney general may institute an action against a | ||
covered entity that is licensed by a licensing agency of this state | ||
for a civil penalty under this section only if the licensing agency | ||
refers the violation to the attorney general under Section | ||
181.202(2). | ||
(f) The office of the attorney general may retain a | ||
reasonable portion of a civil penalty recovered under this section, | ||
not to exceed amounts specified in the General Appropriations Act, | ||
for the enforcement of this subchapter. | ||
SECTION 9. Section 181.202, Health and Safety Code, is | ||
amended to read as follows: | ||
Sec. 181.202. DISCIPLINARY ACTION. In addition to the | ||
penalties prescribed by this chapter, a violation of this chapter | ||
by a covered entity [ |
||
an agency of this state is subject to investigation and | ||
disciplinary proceedings, including probation or suspension by the | ||
licensing agency. If there is evidence that the violations of this | ||
chapter are egregious and constitute a pattern or practice, the | ||
agency may: | ||
(1) revoke the covered entity's [ |
||
|
||
(2) refer the covered entity's case to the attorney | ||
general for the institution of an action for civil penalties under | ||
Section 181.201(b). | ||
SECTION 10. Section 181.205, Health and Safety Code, is | ||
amended by amending Subsection (b) and adding Subsection (c) to | ||
read as follows: | ||
(b) In determining the amount of a penalty imposed under | ||
other law in accordance with Section 181.202, a court or state | ||
agency shall consider the following factors: | ||
(1) the seriousness of the violation, including the | ||
nature, circumstances, extent, and gravity of the disclosure; | ||
(2) the covered entity's compliance history; | ||
(3) whether the violation poses a significant risk of | ||
financial, reputational, or other harm to an individual whose | ||
protected health information is involved in the violation; | ||
(4) whether the covered entity was certified at the | ||
time of the violation as described by Section 182.108; | ||
(5) the amount necessary to deter a future violation; | ||
and | ||
(6) the covered entity's efforts to correct the | ||
violation. | ||
(c) On receipt of evidence under Subsections [ |
||
(a) and (b), a court or state agency shall consider the evidence and | ||
mitigate imposition of an administrative penalty or assessment of a | ||
civil penalty accordingly. | ||
SECTION 11. Subchapter E, Chapter 181, Health and Safety | ||
Code, is amended by adding Sections 181.206 and 181.207 to read as | ||
follows: | ||
Sec. 181.206. AUDITS OF COVERED ENTITIES. (a) The | ||
commission, in coordination with the attorney general, the Texas | ||
Health Services Authority, and the Texas Department of Insurance: | ||
(1) may request that the United States secretary of | ||
health and human services conduct an audit of a covered entity, as | ||
that term is defined by 45 C.F.R. Section 160.103, in this state to | ||
determine compliance with the Health Insurance Portability and | ||
Accountability Act and Privacy Standards; and | ||
(2) shall periodically monitor and review the results | ||
of audits of covered entities in this state conducted by the United | ||
States secretary of health and human services. | ||
(b) If the commission has evidence that a covered entity has | ||
committed violations of this chapter that are egregious and | ||
constitute a pattern or practice, the commission may: | ||
(1) require the covered entity to submit to the | ||
commission the results of a risk analysis conducted by the covered | ||
entity if required by 45 C.F.R. Section 164.308(a)(1)(ii)(A); or | ||
(2) if the covered entity is licensed by a licensing | ||
agency of this state, request that the licensing agency conduct an | ||
audit of the covered entity's system to determine compliance with | ||
the provisions of this chapter. | ||
(c) The commission annually shall submit to the appropriate | ||
standing committees of the senate and the house of representatives | ||
a report regarding the number of federal audits of covered entities | ||
in this state and the number of audits required under Subsection | ||
(b). | ||
Sec. 181.207. FUNDING. The commission and the Texas | ||
Department of Insurance, in consultation with the Texas Health | ||
Services Authority, shall apply for and actively pursue available | ||
federal funding for enforcement of this chapter. | ||
SECTION 12. Section 182.002, Health and Safety Code, is | ||
amended by adding Subdivisions (2-a), (3-a), and (3-b) to read as | ||
follows: | ||
(2-a) "Covered entity" has the meaning assigned by | ||
Section 181.001. | ||
(3-a) "Disclose" has the meaning assigned by Section | ||
181.001. | ||
(3-b) "Health Insurance Portability and | ||
Accountability Act and Privacy Standards" has the meaning assigned | ||
by Section 181.001. | ||
SECTION 13. Subchapter C, Chapter 182, Health and Safety | ||
Code, is amended by adding Section 182.108 to read as follows: | ||
Sec. 182.108. STANDARDS FOR ELECTRONIC SHARING OF PROTECTED | ||
HEALTH INFORMATION; COVERED ENTITY CERTIFICATION. (a) The | ||
corporation shall develop and submit to the commission for | ||
ratification privacy and security standards for the electronic | ||
sharing of protected health information. | ||
(b) The commission shall review and by rule adopt acceptable | ||
standards submitted for ratification under Subsection (a). | ||
(c) Standards adopted under Subsection (b) must be designed | ||
to: | ||
(1) comply with the Health Insurance Portability and | ||
Accountability Act and Privacy Standards and Chapter 181; | ||
(2) comply with any other state and federal law | ||
relating to the security and confidentiality of information | ||
electronically maintained or disclosed by a covered entity; | ||
(3) ensure the secure maintenance and disclosure of | ||
personally identifiable health information; | ||
(4) include strategies and procedures for disclosing | ||
personally identifiable health information; and | ||
(5) support a level of system interoperability with | ||
existing health record databases in this state that is consistent | ||
with emerging standards. | ||
(d) The corporation shall establish a process by which a | ||
covered entity may apply for certification by the corporation of a | ||
covered entity's past compliance with standards adopted under | ||
Subsection (b). | ||
(e) The corporation shall publish the standards adopted | ||
under Subsection (b) on the corporation's Internet website. | ||
SECTION 14. Section 521.053, Business & Commerce Code, is | ||
amended by amending Subsection (b) and adding Subsection (b-1) to | ||
read as follows: | ||
(b) A person who conducts business in this state and owns or | ||
licenses computerized data that includes sensitive personal | ||
information shall disclose any breach of system security, after | ||
discovering or receiving notification of the breach, to any | ||
individual [ |
||
information was, or is reasonably believed to have been, acquired | ||
by an unauthorized person. The disclosure shall be made as quickly | ||
as possible, except as provided by Subsection (d) or as necessary to | ||
determine the scope of the breach and restore the reasonable | ||
integrity of the data system. | ||
(b-1) Notwithstanding Subsection (b), the requirements of | ||
Subsection (b) apply only if the individual whose sensitive | ||
personal information was or is reasonably believed to have been | ||
acquired by an unauthorized person is a resident of this state or | ||
another state that does not require a person described by | ||
Subsection (b) to notify the individual of a breach of system | ||
security. If the individual is a resident of a state that requires | ||
a person described by Subsection (b) to provide notice of a breach | ||
of system security, the notice of the breach of system security | ||
provided under that state's law satisfies the requirements of | ||
Subsection (b). | ||
SECTION 15. Section 521.151, Business & Commerce Code, is | ||
amended by adding Subsection (a-1) to read as follows: | ||
(a-1) In addition to penalties assessed under Subsection | ||
(a), a person who fails to take reasonable action to comply with | ||
Section 521.053(b) is liable to this state for a civil penalty of | ||
not more than $100 for each individual to whom notification is due | ||
under that subsection for each consecutive day that the person | ||
fails to take reasonable action to comply with that subsection. | ||
Civil penalties under this section may not exceed $250,000 for all | ||
individuals to whom notification is due after a single breach. The | ||
attorney general may bring an action to recover the civil penalties | ||
imposed under this subsection. | ||
SECTION 16. Section 522.002(b), Business & Commerce Code, | ||
is amended to read as follows: | ||
(b) An offense under this section is a Class B misdemeanor, | ||
except that the offense is a state jail felony if the information | ||
accessed, read, scanned, stored, or transferred was protected | ||
health information as defined by the Health Insurance Portability | ||
and Accountability Act and Privacy Standards, as defined by Section | ||
181.001, Health and Safety Code. | ||
SECTION 17. Subchapter B, Chapter 531, Government Code, is | ||
amended by adding Section 531.0994 to read as follows: | ||
Sec. 531.0994. STUDY; ANNUAL REPORT. (a) The commission, | ||
in consultation with the Department of State Health Services, the | ||
Texas Medical Board, and the Texas Department of Insurance, shall | ||
explore and evaluate new developments in safeguarding protected | ||
health information. | ||
(b) Not later than December 1 each year, the commission | ||
shall report to the legislature on new developments in safeguarding | ||
protected health information and recommendations for the | ||
implementation of safeguards within the commission. | ||
SECTION 18. Subchapter B, Chapter 602, Insurance Code, is | ||
amended by adding Section 602.054 to read as follows: | ||
Sec. 602.054. COMPLIANCE WITH OTHER LAW. A covered entity | ||
shall comply with: | ||
(1) Subchapter D, Chapter 181, Health and Safety Code, | ||
except as otherwise provided by that subchapter; and | ||
(2) the standards adopted under Section 182.108, | ||
Health and Safety Code. | ||
SECTION 19. (a) In this section, "unsustainable covered | ||
entity" means a covered entity, as defined by Section 181.001, | ||
Health and Safety Code, that ceases to operate. | ||
(b) The Health and Human Services Commission, in | ||
consultation with the Texas Health Services Authority and the Texas | ||
Medical Board, shall review issues regarding the security and | ||
accessibility of protected health information maintained by an | ||
unsustainable covered entity. | ||
(c) Not later than December 1, 2012, the Health and Human | ||
Services Commission shall submit to the appropriate standing | ||
committees of the senate and the house of representatives | ||
recommendations for: | ||
(1) the state agency to which the protected health | ||
information maintained by an unsustainable covered entity should be | ||
transferred for storage; | ||
(2) ensuring the security of protected health | ||
information maintained by unsustainable covered entities in this | ||
state, including secure transfer methods from the covered entity to | ||
the state; | ||
(3) the method and period of time for which protected | ||
health information should be maintained by the state after transfer | ||
from an unsustainable covered entity; | ||
(4) methods and processes by which an individual | ||
should be able to access the individual's protected health | ||
information after transfer to the state; and | ||
(5) funding for the storage of protected health | ||
information after transfer to the state. | ||
(d) This section expires January 1, 2013. | ||
SECTION 20. (a) A task force on health information | ||
technology is created. | ||
(b) The task force is composed of: | ||
(1) 11 members appointed by the attorney general with | ||
the advice of the chairs of the standing committees of the senate | ||
and house of representatives having primary jurisdiction over | ||
health information technology issues, including: | ||
(A) at least two physicians; | ||
(B) at least two individuals who represent | ||
hospitals; | ||
(C) at least one private citizen who represents | ||
patient and parental rights; and | ||
(D) at least one pharmacist; and | ||
(2) the following ex officio members: | ||
(A) the executive commissioner of the Health and | ||
Human Services Commission or an employee of the commission | ||
designated by the executive commissioner; | ||
(B) the commissioner of the Department of State | ||
Health Services or an employee of the department designated by the | ||
commissioner; and | ||
(C) the presiding officer of the Texas Health | ||
Services Authority or an employee of the authority designated by | ||
the presiding officer. | ||
(c) Not later than December 1, 2012, the attorney general | ||
shall appoint the members of the task force and appoint a chair of | ||
the task force from among its membership. The chair of the task | ||
force must have expertise in: | ||
(1) state and federal health information privacy law; | ||
(2) patient rights; and | ||
(3) electronic signatures and other consent tools. | ||
(d) The task force shall develop recommendations regarding: | ||
(1) the improvement of informed consent protocols for | ||
the electronic exchange of protected health information, as that | ||
term is defined by the Health Insurance Portability and | ||
Accountability Act and Privacy Standards, as defined by Section | ||
181.001, Health and Safety Code, as amended by this Act; | ||
(2) the improvement of patient access to and use of | ||
electronically maintained and disclosed protected health | ||
information for the purpose of personal health and coordination of | ||
health care services; and | ||
(3) any other critical issues, as determined by the | ||
task force, related to the exchange of protected health | ||
information. | ||
(e) Not later than January 1, 2014, the task force shall | ||
submit to the standing committees of the senate and house of | ||
representatives having primary jurisdiction over health | ||
information technology issues and the Texas Health Services | ||
Authority a report including the task force's recommendations under | ||
Subsection (d). | ||
(f) The Texas Health Services Authority shall publish the | ||
report submitted under Subsection (e) on the authority's Internet | ||
website. | ||
(g) This section expires February 1, 2014. | ||
SECTION 21. Section 531.0315(b), Government Code, is | ||
repealed. | ||
SECTION 22. Not later than January 1, 2013: | ||
(1) the attorney general shall adopt the form required | ||
by Section 181.154, Health and Safety Code, as added by this Act; | ||
and | ||
(2) the Health and Human Services Commission shall | ||
adopt the standards required by Section 182.108, Health and Safety | ||
Code, as added by this Act. | ||
SECTION 23. (a) Not later than May 1, 2013, the attorney | ||
general shall establish the Internet website required by Section | ||
181.103, Health and Safety Code, as added by this Act. | ||
(b) Not later than December 1, 2013, the attorney general | ||
shall submit the initial report required by Section 181.104, Health | ||
and Safety Code, as added by this Act. | ||
SECTION 24. Not later than December 1, 2013, the Health and | ||
Human Services Commission shall submit the initial report required | ||
by Section 531.0994, Government Code, as added by this Act. | ||
SECTION 25. The changes in law made by Section 181.201, | ||
Health and Safety Code, as amended by this Act, Section 521.053, | ||
Business & Commerce Code, as amended by this Act, and Section | ||
521.151(a-1), Business & Commerce Code, as added by this Act, apply | ||
only to conduct that occurs on or after the effective date of this | ||
Act. Conduct that occurs before the effective date of this Act is | ||
governed by the law in effect at the time the conduct occurred, and | ||
the former law is continued in effect for that purpose. | ||
SECTION 26. The change in law made by Section 522.002(b), | ||
Business & Commerce Code, as amended by this Act, applies only to an | ||
offense committed on or after the effective date of this Act. An | ||
offense committed before the effective date of this Act is governed | ||
by the law in effect at the time the offense was committed, and the | ||
former law is continued in effect for that purpose. For purposes of | ||
this section, an offense was committed before the effective date of | ||
this Act if any element of the offense was committed before that | ||
date. | ||
SECTION 27. This Act takes effect September 1, 2012. | ||
______________________________ | ______________________________ | |
President of the Senate | Speaker of the House | |
I certify that H.B. No. 300 was passed by the House on May 4, | ||
2011, by the following vote: Yeas 141, Nays 0, 2 present, not | ||
voting; that the House refused to concur in Senate amendments to | ||
H.B. No. 300 on May 26, 2011, and requested the appointment of a | ||
conference committee to consider the differences between the two | ||
houses; and that the House adopted the conference committee report | ||
on H.B. No. 300 on May 29, 2011, by the following vote: Yeas 145, | ||
Nays 0, 1 present, not voting. | ||
______________________________ | ||
Chief Clerk of the House | ||
I certify that H.B. No. 300 was passed by the Senate, with | ||
amendments, on May 24, 2011, by the following vote: Yeas 31, Nays | ||
0; at the request of the House, the Senate appointed a conference | ||
committee to consider the differences between the two houses; and | ||
that the Senate adopted the conference committee report on H.B. No. | ||
300 on May 29, 2011, by the following vote: Yeas 31, Nays 0. | ||
______________________________ | ||
Secretary of the Senate | ||
APPROVED: __________________ | ||
Date | ||
__________________ | ||
Governor |