BILL ANALYSIS
Senate Research Center C.S.S.B. 1328
79R10872 JTS-D By: Nelson
Committee Report (Substituted)
AUTHOR'S/SPONSOR'S STATEMENT OF INTENT
Pursuant to S.B. 1136 (78R), the Office of the Attorney General analyzed state law to identify provisions that were preempted by or inconsistent with the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA) and related rules. C.S.S.B. 1328 repeals from state law provisions that are preempted by HIPAA and ensures consistency between state law and HIPAA where appropriate. This will enable covered entities to comply fully with both state and federal law on health policy.
RULEMAKING AUTHORITY
SECTION BY SECTION ANALYSIS
SECTION 1. Amends Section 58.0071, Family Code, by adding Subsection (g) to prohibit a covered entity from destroying a record or file before the later of certain dates if destruction of the physical record or file under this section is destruction of protected health information by a covered entity, as those terms are defined by the privacy rule of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.
SECTION 2. Amends Sections 82.010(b) and (c), Family Code, to prohibit a court from releasing an application to a person who is not a respondent to the application until after the date of service of notice of the application or the date of the hearing on the application, whichever date is sooner. Makes conforming changes.
SECTION 3. Amends Section 107.006(a), Family Code, to delete existing text referring to an exception in Subsection (c).
SECTION 4. Amends Sections 162.018(a) and (b), Family Code, to require the Department of Family and Protective Services (department), licensed child-placing agency, person, or entity placing a child for adoption to provide to the adoptive parents, upon request, copies of the records and other information relating to the history of the child maintained by the department, licensed child-placing agency, person, or entity placing the child for adoption. Deletes existing text entitling the adoptive parents to receive this information. Makes conforming changes.
SECTION 5. Amends Section 162.414, Family Code, is amended by adding Subsection (f) to require a covered entity to ensure that the use or disclosure of protected health information by a covered entity complies with all applicable requirements, standards, or implementation specifications of the privacy rule to the extent that Subsection (d) (pertaining to match establishment) authorizes the use or disclosure, as those terms are defined by the privacy rule of the Administrative Simplification subtitle of HIPAA (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.
SECTION 6. Amends Section 264.408(a), Family Code, to authorize a children's advocacy center to disclose the files, reports, records, communications and working papers developed in providing services under this chapter (Child Welfare Services).
SECTION 7. Amends Section 420.031(e), Government Code to require a covered entity to ensure that the consent to the disclosure of protected health information complies with all of the privacy rule's applicable requirements, standards, and implementation specifications relating to authorizations for uses and disclosures if a disclosure under this subsection is a disclosure of protected health information by the covered entity, as those terms are defined by the privacy rule of the Administrative Simplification subtitle of HIPAA (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.
SECTION 8. Amends Section 825.507, Government Code, by adding Subsection (h) to make conforming changes.
SECTION 9. Amends Section 81.103, Health and Safety Code, by adding Subsection (k) to require a covered entity to ensure that the authorization for the disclosure of protected health information complies with all of the privacy rule's applicable requirements, standards, and implementation specifications relating to authorizations for uses and disclosures if a disclosure under this Subsection (d) is a disclosure of protected health information by the covered entity, as those terms are defined by the privacy rule of the Administrative Simplification subtitle of HIPAA (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.
SECTION 10. Amends Section 108.009, Health and Safety Code, by adding Subsection (c-1) to provide that, for the purposes of this section, the Texas Health Care Information Council (council) or other entity as determined by the council under Subsection (a) is a public health authority, as that term is defined by the privacy rule of the Administrative Simplification subtitle of HIPAA (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E. Provides that data voluntarily submitted by a rural provider to the council under Subsection (c) is a use and disclosure for which an authorization or an opportunity to agree or object is not required.
SECTION 11. Amends Section 142.009, Health and Safety Code, by amending Subsection (g) and adding Subsection (m) to make nonsubstantive and conforming changes.
SECTION 12. Amends Section 162.006, Health and Safety Code, by adding Subsection (d) to make conforming changes.
SECTION 13. Amends Section 162.007, Health and Safety Code, by amending Subsection (a) and adding Subsection (d) to require a blood bank to maintain a record of the blood bank's attempt to report that person along with the blood test results if the blood bank is unable to report the blood test results to a person listed in Subsection (a). Makes a conforming change.
SECTION 14. Amends Section 181.051, Health and Safety Code, to include an exception for Subchapter E.
SECTION 15. Amends Section 241.103, Health and Safety Code, by adding Subsection (d) to provide that this section applies to a hospital that is a covered entity as that term is defined by the privacy rule of the Administrative Simplification subtitle of HIPAA (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.
SECTION 16. Amends Section 241.152, Health and Safety Code, by adding Subsection (g) to make conforming changes.
SECTION 17. Amends Section 241.153, Health and Safety Code, to make modifications to the list of reasons that a patient's health care may disclosed without the patient's authorization. Requires a hospital that is a covered entity disclosing HIPAA protected health information to ensure that the disclosure complies with all applicable requirements, standards, or implementation specifications of the privacy rules, including provisions relating to certain disclosures.
SECTION 18. Amends Section 241.154, Health and Safety Code, by amending Subsection (b) and adding Subsection (f) to make conforming changes and require a hospital that is a covered entity releasing protected health information, as those terms are defined by the privacy rule of the Administrative Simplification subtitle of HIPAA (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, to an individual who is the subject of the information or that person's representative to comply with certain privacy rule requirements regarding access of individuals to protected health information. Prohibits such hospitals from denying access to the information for nonpayment of fee.
SECTION 19. Amends Section 247.065, Health and Safety Code, by adding Subsection (c) to provide that Subsection (b)(7) does not authorize the disclosure or use of protected health information by a HIPAA covered entity unless the disclosure or use complies with all applicable requirements, standards, or implementation specifications of the privacy rule.
SECTION 20. Amends Section 262.030, Health and Safety Code, by adding Subsection (c) to prohibit a covered entity from destroying a record before the later of certain dates if destruction of a record under this section is destruction of HIPAA protected health information.
SECTION 21. Amends Section 281.073, Health and Safety Code, by adding Subsection (c) to make conforming changes.
SECTION 22. Amends Section 595.003, Health and Safety Code, by adding Subsection (c) to make conforming changes.
SECTION 23. Amends Section 595.004, Health and Safety Code, by amending Subsection (a) and adding Subsection (c) to prohibit a covered entity from denying a request under this section for HIPAA protected health information unless the qualified professional responsible for supervising the client's habilitation meets certain requirements. Makes a conforming change.
SECTION 24. Amends Section 611.004, Health and Safety Code, by adding Subsection (e), to make conforming changes.
SECTION 25. Amends Section 611.0045(b), Health and Safety Code, to make conforming changes.
SECTION 26. Amends Section 611.008(b), Health and Safety Code, to require a covered entity charging a fee for HIPAA protected health information to comply with certain privacy rule requirements regarding access of individuals to protected health information. Prohibits such covered entities from denying access to the information for nonpayment of fee.
SECTION 27. Amends Section 773.093, Health and Safety Code, by adding Subsection (d) to make conforming changes.
SECTION 28. Amends Section 8, Article 21.58A, Insurance Code, by adding Subsection (j), to require the covered entity to ensure that authorization for the disclosure complies with all of the privacy rule's applicable requirements, standards, and implementation specifications relating to authorizations for uses and disclosures of protected health information if a disclosure under this Subsection (d) is a disclosure of protected health information by the covered entity, as those terms are defined by the privacy rule of the Administrative Simplification subtitle of HIPAA (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.
SECTION 29. Amends Section 546.104, Insurance Code, as effective April 1, 2005, to make conforming changes.
SECTION 30. Amends Section 21.4032, Labor Code, to require the covered entity to ensure that authorization for the disclosure complies with all of the privacy rule's applicable requirements, standards, and implementation specifications relating to authorizations for uses and disclosures of protected health information if a disclosure under this Subsection (d) is a disclosure of protected health information by the covered entity, as those terms are defined by the privacy rule of the Administrative Simplification subtitle of HIPAA (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E. Makes a conforming change.
SECTION 31. Amends Section 201.009(c), Local Government Code, to include that Subsection (b) does not apply to a local government that is a covered entity disclosing protected health information, as those terms are defined by the privacy rule of the Administrative Simplification subtitle of HIPAA (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E
SECTION 32. Amends Section 58.104, Occupation Code, to require the covered entity to ensure that authorization for the disclosure complies with all of the privacy rule's applicable requirements, standards, and implementation specifications relating to authorizations for uses and disclosures of protected health information if a disclosure under this Subsection (d) is a disclosure of protected health information by the covered entity, as those terms are defined by the privacy rule of the Administrative Simplification subtitle of HIPAA (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.
SECTION 33. Amends Chapter 159.005, Occupation Code, by adding Subsection (f) to require a covered entity to ensure that the consent to the disclosure of protected health information complies with all of the privacy rule's applicable requirements, standards, and implementation specifications relating to authorizations for uses and disclosures if a disclosure under this subsection is a disclosure of protected health information by the covered entity, as those terms are defined by the privacy rule of the Administrative Simplification subtitle of HIPAA (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.
SECTION 34. Amends Section 159.006, Occupations Code, by amending Subsection (a) and adding Subsection (f) to prohibit a covered entity from denying a request under this section for HIPAA protected health information unless the qualified professional responsible for supervising the client's habilitation meets certain requirements. Makes a conforming change.
SECTION 35. Amends Section 159.008, Occupations Code, by amending Subsection (a) and adding Subsection (c) to prohibit a covered entity charging a fee for HIPAA protected health information from charging a fee for retrieving the information or withholding copies for nonpayment of the fee. Makes a conforming change.
SECTION 36. Amends Section 201.405, Occupations Code, by amending Subsection (g) and adding Subsection (h) to make conforming changes.
SECTION 37. Amends Section 202.406, Occupations Code, by amending Subsection (d) and adding Subsection (f) to make conforming changes.
SECTION 38. Amends Section 258.104, Occupations Code, by adding Subsection (e) to make conforming changes.
SECTION 39. Amends Section 32, Texas Local Fire Fighters Retirement Act (Article 6243e, V.T.C.S.), by adding Subsection (d) to require a covered entity to ensure that the use or disclosure of protected health information complies with all applicable requirements, standards, or implementation specifications of the privacy rule to the extent that Subsection (d) (pertaining to match establishment) authorizes the use or disclosure of protected health information by a covered entity, as those terms are defined by the privacy rule of the Administrative Simplification subtitle of HIPAA (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.
SECTION 40. Requires the state auditor to conduct an audit of state agencies to determine which agencies have designated themselves covered entities for the purposes of HIPAA and whether the agency should be designated as a hybrid of that covered entity. Requires the auditor to report the results of the audit to the office of the attorney general and the appropriate legislative committees not alter than March 1, 2006. Requires the report to include any recommendations for changes in agency designation.
SECTION 41. Repealer: Section 107.006(c) (pertaining to a mental health record of a child), Family Code.
SECTION 42. Effective date: September 1, 2005.