77(R) HB 1221 Introduced version

HBA-DMH, JEK H.B. 1221 77(R)    BILL ANALYSIS


Office of House Bill AnalysisH.B. 1221
By: Maxey
Public Health
3/2/2001
Introduced



BACKGROUND AND PURPOSE 

Americans consistently show their strong support for protecting individual
privacy, including the privacy of health related information.  Electronic
storage of information offers many conveniences and may even facilitate
customer service, but if not regulated properly can compromise sensitive
personal information. In 1996, the Health Insurance Portability and
Accountability Act (HIPAA) required the United States Department of Health
and Human Services to adopt comprehensive health privacy regulations which
were recently finalized.  HIPAA gives patients access to their records, but
limits others from accessing personal health information without specific
consent.  HIPAA does not provide patients with a course of action and does
not cover all relevant professions.  House Bill 1221 provides measures for
the protection of patients' medical records, prohibits health care entities
from misusing patient health information, and authorizes civil, criminal,
and disciplinary actions to be brought for a violation of  these
provisions. 

RULEMAKING AUTHORITY

It is the opinion of the Office of House Bill Analysis that this bill does
not expressly delegate any additional rulemaking authority to a state
officer, department, agency, or institution. 

ANALYSIS

House Bill 1221 amends the Health and Safety Code to set forth provisions
relating to protecting the privacy of medical records. 

Health Information

The bill prohibits a person from disclosing, using, or selling protected
health information, including prescription patterns and administrative
billing information, for marketing, education, or marketing research
purposes without the expressed consent of the individual who is the subject
of the information (Sec. 181.064).    

H.B. 1221 prohibits a person who handles protected or deidentified health
information (covered entity) from disclosing or using protected health
information without the expressed consent of the individual who is the
subject of the information.  The bill prohibits a covered entity from
using, requesting, or requiring the disclosure of more protected health
information than is directly related to the specific purpose that is stated
in an expressed consent.  The bill sets forth provisions for requests for
disclosure of protected health information (Sec. 181.052). 

The bill sets forth conditions under which a covered entity is authorized
to disclose protected health information to certain entities, including
health or government officials, without expressed consent (Sec. 181.056).
H.B. 1221 sets forth provisions regarding disclosure of protected health
information without consent in response to a compulsory legal process (Sec.
181.059).  The bill sets forth provisions relating to the disclosure of
protected health information without expressed consent to a public health
authority and other authorized entities (Sec. 181.063). 

The bill requires a covered entity to permit an individual who is the
subject of protected health information  or the person's designee to
inspect and copy any protected information that the entity maintains or
controls that relates to the individual not later than 10 days after
receiving the request.  The bill requires a covered entity to provide an
individual with one free copy of such records during a three-year period
and provides that, unless otherwise established in current law, a covered
entity is authorized to charge a reasonable fee for the cost of additional
copies.  The bill sets forth exceptions for certain personal notes or
diaries used for the specific purpose of clinical supervision (Sec.
181.051).   

H.B. 1221 sets forth provisions relating to a covered entity's use of a
clinical health record and provisions relating to a covered entity's use of
administrative billing information (Secs. 181.053 and 181.054). 

H.B. 1221 sets forth provisions related to the amendment or appendant of an
individual's clinical health record held by a covered entity upon written
request of the individual (Sec. 181.060).  H.B. 1221 sets forth provisions
relating to requirements for a covered entity to provide written notice to
an individual regarding the entity's  practices with respect to protected
health information (Sec. 181.061). 

Health Care Practitioners and Health Care Facilities

H.B. 1221 sets forth the conditions under which a health care practitioner
(practitioner) or health care facility (facility) that provides patient
services is authorized to disclose directory information regarding an
individual.  The bill prohibits a practitioner or facility from releasing
patient directory information without expressed consent if the disclosure
of the individual's location would reveal information supporting all
inferences about the specific diagnosis of the individual or the
practitioner or facility has reason to believe that the disclosure could
lead to physical, mental, or emotional harm to or the death of the
individual (Sec. 181.055). 

H.B. 1221 sets forth conditions under which a practitioner or facility is
authorized to disclose protected health information without a patient's
consent to a patient's next of kin, a representative of the patient, or an
individual with whom the patient resides (Sec. 181.057).  Except for the
use of administrative billing information, the bill does not limit the
ability of a practitioner or facility to use protected health information
to provide health care to an individual or to disclose information
appropriately.  The bill sets forth requirements relating to the use of a
clinical health record (Sec. 181.053). 

Researchers

H.B. 1221 requires the Texas Ethics Commission (TEC) to establish a privacy
board to grant waivers of expressed consent for the use of protected health
information for research purposes.  The bill sets forth provisions relating
to the composition of a privacy board and the conditions under which a
privacy board is authorized to grant a waiver.  The bill prohibits a health
researcher who receives protected health information pursuant to such a
waiver from using or disclosing the information for any purposes other than
those specifically approved by the privacy board and directly related to
the research being performed (Sec. 181.058).   

The bill authorizes a researcher to disclose protected health information
to a health researcher, regardless of the source of funding of the
research, if the purpose is to conduct health research and the researcher
has obtained the expressed consent of the individual or documentation that
a waiver of expressed consent has been granted by a privacy board or an
institutional review board (Sec. 181.058).   

Expressed  Consent

H.B. 1221 provides that the expressed consent required by this bill must be
in writing and signed by the individual or the individual's legal guardian
or agent (Sec. 181.151).  The bill sets forth provisions related to the
documentation, content, expiration, and revocation of the written expressed
consent as well as the development and distribution of a model expressed
consent form (Secs. 181.151, 181.152, 181.153, 181.154, and 181.155).   


 Audit Trail

H.B. 1221 requires certain new or substantially updated information systems
implemented after September 1, 2001, to maintain an audit trail of each use
or disclosure of protected health information, other than a disclosure by a
health care provider or facility, and of the source of the information.
The bill requires a covered entity to maintain such an audit trail until
the sixth anniversary of the date the use or disclosure was made.  The bill
requires the covered entity to either provide a copy of the audit trail to
the individual who is the subject of the information or comply with the
request of an individual to review the audit trail and report any
unauthorized access to the information to the individual (Sec. 181.062). 

Health Care Payers

H.B. 1221 requires a health care payer, on enrollment, to notify an
individual who is the subject of protected health information of the
regular uses of the information and of the required uses of the information
in the case of any complaint, appeal, or other grievance made by or
relating to the subject (Sec. 181.101).  The bill prohibits a health care
payer or employer from requiring an individual to participate in a disease
management or other clinical intervention program as a condition of
employment, health insurance, or coverage or reimbursement for health care
and provides for exceptions (Sec. 181.103).  The bill prohibits a health
care payer from initiating contact with the subject of sensitive health
information regarding any disease management or other clinical intervention
program pertaining to the sensitive health condition. The bill requires
that such a communication be initiated through a health care practitioner.
The bill also prohibits a health care payer from sending mail addressed to
an individual regarding any health topic (Sec. 181.102). 

H.B. 1221 specifies that expressed consent provided by an enrollee or
member in any health plan is not valid as to anyone other than that
enrollee or member.  The bill prohibits a health care payer from
conditioning health care insurance or reimbursement or coverage for health
care on consent from a minor who has legally obtained health care without
parental consent to disclose any information pertaining to the health care
or health care payment to a parent or other legal guardian (Sec. 181.104). 

The bill prohibits a health care payer from requesting any protected health
information for the purpose of performing health care delivery review,
unless the information is essential for the review and directly related to
and used solely for the purpose of the specific care or procedure being
reviewed (Sec. 181.105). 

Ombudsman

H.B. 1221 requires the attorney general to appoint a lawyer to serve as the
medical records privacy ombudsman to assist members of the public,
governmental units, and covered entities in understanding and interpreting
the provisions of the bill (Sec. 181.003).  The bill outlines the
ombudsman's duties and sets forth provisions regarding advisory opinions
issued by the ombudsman (Secs. 181.003, 181.061, and 181.155). 

Prohibited Acts

H.B. 1221 prohibits a person, including a governmental unit, from
identifying or attempting to identify an individual who is the subject of
any deidentified health information (Sec. 181.201).   

The bill prohibits a person from coercing an individual to sign an
expressed consent document, including coercion through retaliation or
conditioning treatment on consent (Secs. 181.202--181.204). 

The bill prohibits a supervision officer from requiring a defendant to
provide the supervision officer with the defendant's protected health
information unless that information is directly related to the terms of the
supervision (Sec. 181.205). 



 Enforcement

H.B. 1221 authorizes the attorney general to institute an action for
injunctive or declaratory relief to restrain a violation of these
provisions or to institute an action for civil penalties against a covered
entity for a violation of these provisions (Sec. 181.251).  The bill
authorizes an individual who is aggrieved by a violation of these
provisions to institute an action against a covered entity for injunctive
or declaratory relief (Sec. 181.252).  The bill provides for civil
penalties (Secs. 181.251 and 181.252). 

The bill provides that it is a defense to a civil action if the defendant,
in good faith, reasonably believed that the disclosure of the information
was authorized by an expressed consent (Sec. 181.252).  

The bill provides that a person commits a criminal offense if the person
knowingly uses, discloses, reidentifies, obtains, or induces another to
use, disclose, reidentify, or obtain, protected health information for
commercial advantage, personal gain, or to cause malicious harm.  The bill
sets forth criminal penalties (Sec. 181.253).  

In addition to other penalties prescribed by this bill, the bill provides
that a violation by an individual or facility that is licensed by a state
agency is subject to the same consequence as a violation of the licensing
law applicable to the individual or facility or of a rule adopted under the
licensing law (Sec. 181.254). 

The bill amends the Education Code to repeal provisions entitling a school
administrator, nurse, or teacher to access a student's medical records
(SECTION 2). 

EFFECTIVE DATE

September 1, 2001.