|
House Bill 300 |
House Author: Kolkhorst et al. |
|
Effective: 9-1-12 |
Senate Sponsor: Nelson |
House Bill 300 amends the Health and Safety Code to update provisions relating to compliance with the federal Health Insurance Portability and Accountability Act of 1996 and the privacy of protected health information. The bill updates provisions establishing the duties of the executive commissioner of the Health and Human Services Commission (HHSC) with regard to protected health information. The bill includes provisions relating to training required for employees of covered entities, consumer access to and use of protected health information, and a report by the attorney general regarding consumer complaints. The bill prohibits the sale of protected health information by a covered entity, with certain exceptions, sets out requirements relating to the electronic disclosure of certain protected health information, and requires the attorney general, not later than January 1, 2013, to adopt a standard authorization form for use in complying with those requirements. The bill raises and sets caps on the civil penalty that may be assessed against a covered entity for a violation of state medical records privacy laws based on certain standards of culpability and includes provisions relating to an action by the attorney general and the disciplinary powers of a licensing agency with regard to a violation of state medical records privacy laws.
House Bill 300 establishes the powers and duties of HHSC relating to audits of covered entities and requires HHSC and the Texas Department of Insurance (TDI), in consultation with the Texas Health Services Authority (THSA), to apply for and actively pursue available federal funding for enforcement of state medical records privacy laws.
House Bill 300 amends provisions of the Business & Commerce Code requiring a person who conducts business in this state and owns or licenses computerized data that includes sensitive personal information to disclose any breach of system security to any state resident whose sensitive personal information was, or is reasonably believed to have been, acquired by an unauthorized person and makes that requirement applicable also to a resident of another state that does not require such disclosure. The bill enhances the penalty for an offense of identity theft by electronic device if the information accessed, read, scanned, stored, or transferred was protected health information.
House Bill 300 amends the Government Code to require HHSC, in consultation with the Department of State Health Services, the Texas Medical Board, and TDI, to explore and evaluate new developments in safeguarding protected health information and to annually report to the legislature on those developments and recommendations for the implementation of safeguards within HHSC.
House Bill 300 amends the Insurance Code to require a covered entity, as defined by that code, to comply with state medical records privacy laws relating to prohibited acts and with the standards for electronic sharing of protected health information.
House Bill 300 requires HHSC, in consultation with TSHA and the Texas Medical Board, to review issues regarding the security and accessibility of protected health information maintained by an unsustainable covered entity and to submit a legislative report including certain recommendations regarding those issues not later than December 1, 2012. The bill creates a task force on health information technology and requires the attorney general, not later than December 1, 2012, to appoint the task force members and chair.