| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
| |
|
|
relating to the privacy of protected health information. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Subsection (f), Section 58.0071, Family Code, is |
|
|
amended to read as follows: |
|
|
(f) This section does not affect the destruction of: |
|
|
(1) physical records and files authorized by the Texas |
|
|
State Library Records Retention Schedule; or |
|
|
(2) protected health information maintained by a |
|
|
covered entity, as that term is defined by the privacy rule of the |
|
|
Administrative Simplification subtitle of the Health Insurance |
|
|
Portability and Accountability Act of 1996 (Pub. L. No. 104-191) |
|
|
contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A |
|
|
and E. |
|
|
SECTION 2. Subsections (b) and (c), Section 82.010, Family |
|
|
Code, are amended to read as follows: |
|
|
(b) Except as otherwise provided by law, an application for |
|
|
a protective order is confidential and[,] is excepted from required |
|
|
public disclosure under Chapter 552, Government Code. A court[,
|
|
|
and] may not release an application [be released] to a person who is |
|
|
not a respondent to the application until after the date of service |
|
|
of notice of the application or the date of the hearing on the |
|
|
application, whichever date is sooner. |
|
|
(c) Except as otherwise provided by law, an application |
|
|
requesting the issuance of a temporary ex parte order under Chapter |
|
|
83 is confidential and[,] is excepted from required public |
|
|
disclosure under Chapter 552, Government Code. A court[, and] may |
|
|
not release an application [be released] to a person who is not a |
|
|
respondent to the application until after the date that the court or |
|
|
law enforcement informs the respondent of the court's order. |
|
|
SECTION 3. Subsections (a) and (b), Section 162.018, Family |
|
|
Code, are amended to read as follows: |
|
|
(a) The department, licensed child-placing agency, person, |
|
|
or entity placing a child for adoption shall provide to the [The] |
|
|
adoptive parents, upon request, [are entitled to receive] copies of |
|
|
the records and other information relating to the history of the |
|
|
child maintained by the department, licensed child-placing agency, |
|
|
person, or entity placing the child for adoption. |
|
|
(b) The department, licensed child-placing agency, person, |
|
|
or entity placing the child for adoption shall, upon request, |
|
|
provide to the [The] adoptive parents and the adopted child, after |
|
|
the child is an adult, [are entitled to receive] copies of the |
|
|
records maintained by the entity that have been edited to protect |
|
|
the identity of the biological parents and any other person whose |
|
|
identity is confidential and other information relating to the |
|
|
history of the child [maintained by the department, licensed
|
|
|
child-placing agency, person, or entity placing the child for
|
|
|
adoption]. |
|
|
SECTION 4. Section 162.414, Family Code, is amended by |
|
|
adding Subsection (f) to read as follows: |
|
|
(f) To the extent that Subsection (d) authorizes the use or |
|
|
disclosure of protected health information by a covered entity, as |
|
|
those terms are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the use or disclosure complies |
|
|
with all applicable requirements, standards, or implementation |
|
|
specifications of the privacy rule. |
|
|
SECTION 5. Subsection (a), Section 264.408, Family Code, is |
|
|
amended to read as follows: |
|
|
(a) The files, reports, records, communications, and |
|
|
working papers used or developed in providing services under this |
|
|
chapter are confidential and not subject to public release under |
|
|
Chapter 552, Government Code. A center[, and] may only disclose the |
|
|
files, reports, records, communications, and working papers |
|
|
developed in providing services under this chapter [be disclosed] |
|
|
for purposes consistent with this chapter. Disclosure may be to: |
|
|
(1) the department, department employees, law |
|
|
enforcement agencies, prosecuting attorneys, medical |
|
|
professionals, and other state agencies that provide services to |
|
|
children and families; and |
|
|
(2) the attorney for the child who is the subject of |
|
|
the records and a court-appointed volunteer advocate appointed for |
|
|
the child under Section 107.031. |
|
|
SECTION 6. Subsection (e), Section 420.031, Government |
|
|
Code, is amended to read as follows: |
|
|
(e) Evidence collected under this section may not be |
|
|
released unless the survivor of the offense or a legal |
|
|
representative of the survivor signs a written consent to release |
|
|
the evidence. If a disclosure under this subsection is a disclosure |
|
|
of protected health information by a covered entity, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the consent to the disclosure |
|
|
complies with all of the privacy rule's applicable requirements, |
|
|
standards, and implementation specifications relating to |
|
|
authorizations for uses and disclosures of protected health |
|
|
information. |
|
|
SECTION 7. Section 825.507, Government Code, is amended by |
|
|
adding Subsection (h) to read as follows: |
|
|
(h) If a disclosure under Subsection (b)(6) is a disclosure |
|
|
of protected health information by a covered entity, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the authorization for the |
|
|
disclosure complies with all of the privacy rule's applicable |
|
|
requirements, standards, and implementation specifications |
|
|
relating to authorizations for uses and disclosures of protected |
|
|
health information. |
|
|
SECTION 8. Section 865.019, Government Code, is amended by |
|
|
adding Subdivision (e) to read as follows: |
|
|
(e) If a disclosure under Subsection (a) is a disclosure of |
|
|
protected health information by a covered entity, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the authorization for the |
|
|
disclosure complies with all of the privacy rule's applicable |
|
|
requirements, standards, and implementation specifications |
|
|
relating to authorizations for uses and disclosures of protected |
|
|
health information. |
|
|
SECTION 9. Section 81.103, Health and Safety Code, is |
|
|
amended by adding Subsection (k) to read as follows: |
|
|
(k) If a disclosure under Subsection (d) is a disclosure of |
|
|
protected health information by a covered entity, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the authorization for the |
|
|
disclosure complies with all of the privacy rule's applicable |
|
|
requirements, standards, and implementation specifications |
|
|
relating to authorizations for uses and disclosures of protected |
|
|
health information. |
|
|
SECTION 10. Section 108.009, Health and Safety Code, is |
|
|
amended by adding Subsection (c-1) to read as follows: |
|
|
(c-1) For purposes of this section, the council or other |
|
|
entity as determined by the council under Subsection (a) is a public |
|
|
health authority, as that term is defined by the privacy rule of the |
|
|
Administrative Simplification subtitle of the Health Insurance |
|
|
Portability and Accountability Act of 1996 (Pub. L. No. 104-191) |
|
|
contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A |
|
|
and E. Data voluntarily submitted by a rural provider to the |
|
|
council under Subsection (c) is a use and disclosure for which an |
|
|
authorization or an opportunity to agree or object is not required. |
|
|
SECTION 11. Section 142.009, Health and Safety Code, is |
|
|
amended by amending Subsection (g) and adding Subsection (m) to |
|
|
read as follows: |
|
|
(g) After a survey of a home and community support services |
|
|
agency by the department, the department shall provide to the chief |
|
|
executive officer of the home and community support services |
|
|
agency: |
|
|
(1) specific and timely written notice of the |
|
|
preliminary findings of the survey, including: |
|
|
(A) the specific nature of the survey; |
|
|
(B) any alleged violations of a specific statute |
|
|
or rule; |
|
|
(C) the specific nature of any finding regarding |
|
|
an alleged violation or deficiency; and |
|
|
(D) if a deficiency is alleged, the severity of |
|
|
the deficiency; |
|
|
(2) information on the identity, including the |
|
|
signature, of each department representative conducting, |
|
|
reviewing, or approving the results of the survey and the date on |
|
|
which the department representative acted on the matter; and |
|
|
(3) if requested by the home and community support |
|
|
services agency, copies of all documents relating to the survey |
|
|
maintained by the department or provided by the department to any |
|
|
other state or federal agency that are not confidential under state |
|
|
law. |
|
|
(m) If a disclosure under Subsection (d)(3) is a disclosure |
|
|
of protected health information by a covered entity, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the consent to the disclosure |
|
|
complies with all of the privacy rule's applicable requirements, |
|
|
standards, and implementation specifications relating to |
|
|
authorizations for uses and disclosures of protected health |
|
|
information. |
|
|
SECTION 12. Section 162.006, Health and Safety Code, is |
|
|
amended by adding Subsection (d) to read as follows: |
|
|
(d) If a disclosure under this section is a disclosure of |
|
|
protected health information by a covered entity, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the disclosure complies with all |
|
|
of the privacy rule's applicable requirements, standards, and |
|
|
implementation specifications. |
|
|
SECTION 13. Section 162.007, Health and Safety Code, is |
|
|
amended by amending Subsection (a) and adding Subsection (d) to |
|
|
read as follows: |
|
|
(a) Except as provided by Subsection (d), a [A] blood bank |
|
|
shall report blood test results for blood confirmed as HIV positive |
|
|
by the normal procedures blood banks presently use or found to be |
|
|
contaminated by any other infectious disease to: |
|
|
(1) the hospital or other facility in which the blood |
|
|
was transfused or provided; |
|
|
(2) the physician who transfused the infected blood; |
|
|
and [or] |
|
|
(3) the recipient of the blood. |
|
|
(d) If a blood bank is unable to report blood test results to |
|
|
a person listed in Subsection (a), the blood bank shall maintain a |
|
|
record of the blood bank's attempt to report to that person along |
|
|
with the blood test results. |
|
|
SECTION 14. Section 181.051, Health and Safety Code, is |
|
|
amended to read as follows: |
|
|
Sec. 181.051. PARTIAL EXEMPTION. Except for Subchapters |
|
|
[Subchapter] D and E, this chapter does not apply to: |
|
|
(1) a covered entity as defined by Section 602.001, |
|
|
Insurance Code; |
|
|
(2) an entity established under Article 5.76-3, |
|
|
Insurance Code; or |
|
|
(3) an employer. |
|
|
SECTION 15. Section 241.103, Health and Safety Code, is |
|
|
amended by adding Subsection (d) to read as follows: |
|
|
(d) This section applies to a hospital that is a covered |
|
|
entity, as that term is defined by the privacy rule of the |
|
|
Administrative Simplification subtitle of the Health Insurance |
|
|
Portability and Accountability Act of 1996 (Pub. L. No. 104-191) |
|
|
contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A |
|
|
and E. |
|
|
SECTION 16. Section 241.152, Health and Safety Code, is |
|
|
amended by adding Subsection (g) to read as follows: |
|
|
(g) If an authorization under this section authorizes the |
|
|
disclosure of protected health information by a covered entity, as |
|
|
those terms are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the authorization complies with |
|
|
all of the privacy rule's applicable requirements, standards, and |
|
|
implementation specifications. |
|
|
SECTION 17. Section 241.153, Health and Safety Code, is |
|
|
amended to read as follows: |
|
|
Sec. 241.153. DISCLOSURE WITHOUT WRITTEN AUTHORIZATION. |
|
|
(a) Subject to Subsection (b), a [A] patient's health care |
|
|
information may be disclosed without the patient's authorization if |
|
|
the disclosure is: |
|
|
(1) directory information, unless the patient has |
|
|
instructed the hospital not to make the disclosure or the directory |
|
|
information is otherwise protected by state or federal law; |
|
|
(2) to a health care provider who is rendering health |
|
|
care to the patient when the request for the disclosure is made; |
|
|
(3) to a transporting emergency medical services |
|
|
provider for the purpose of: |
|
|
(A) treatment or payment, as those terms are |
|
|
defined by the regulations adopted under the Health Insurance |
|
|
Portability and Accountability Act of 1996 (Pub. L. No. 104-191); |
|
|
or |
|
|
(B) the following health care operations |
|
|
described by the regulations adopted under the Health Insurance |
|
|
Portability and Accountability Act of 1996 (Pub. L. No. 104-191): |
|
|
(i) quality assessment and improvement |
|
|
activities; |
|
|
(ii) specified insurance functions; |
|
|
(iii) conducting or arranging for medical |
|
|
reviews; or |
|
|
(iv) competency assurance activities; |
|
|
(4) to a clergy member [of the clergy] specifically |
|
|
designated by the patient; |
|
|
(5) to a qualified organ or tissue procurement |
|
|
organization as defined in Section 692.002 for the purpose of |
|
|
making inquiries relating to donations according to the protocol |
|
|
referred to in Section 692.013(d); |
|
|
(6) to a prospective health care provider for the |
|
|
purpose of securing the services of that health care provider as |
|
|
part of the patient's continuum of care, as determined by the |
|
|
patient's attending physician; |
|
|
(7) to a person authorized to consent to medical |
|
|
treatment under Chapter 313 or to a person in a circumstance |
|
|
exempted from Chapter 313 to facilitate the adequate provision of |
|
|
treatment; |
|
|
(8) to an employee or agent of the hospital who |
|
|
requires health care information for health care education, quality |
|
|
assurance, or peer review or for assisting the hospital in the |
|
|
delivery of health care or in complying with statutory, licensing, |
|
|
accreditation, or certification requirements and if the hospital |
|
|
takes appropriate action to ensure that the employee or agent: |
|
|
(A) will not use or disclose the health care |
|
|
information for any other purpose; and |
|
|
(B) will take appropriate steps to protect the |
|
|
health care information; |
|
|
(9) to a federal, state, or local government agency or |
|
|
authority to the extent authorized or required by law; |
|
|
(10) to a hospital that is the successor in interest to |
|
|
the hospital maintaining the health care information; |
|
|
(11) to the American Red Cross for the specific |
|
|
purpose of fulfilling the duties specified under its charter |
|
|
granted as an instrumentality of the United States government; |
|
|
(12) to a regional poison control center, as the term |
|
|
is used in Chapter 777, to the extent necessary to enable the center |
|
|
to provide information and education to health professionals |
|
|
involved in the management of poison and overdose victims, |
|
|
including information regarding appropriate therapeutic use of |
|
|
medications, their compatibility and stability, and adverse drug |
|
|
reactions and interactions; |
|
|
(13) to a health care utilization review agent who |
|
|
requires the health care information for utilization review of |
|
|
health care under Chapter 4201 [Article 21.58A], Insurance Code; |
|
|
(14) for use in a research project authorized by an |
|
|
institutional review board under federal law; |
|
|
(15) to health care personnel of a penal or other |
|
|
custodial institution in which the patient is detained if the |
|
|
disclosure is for the sole purpose of providing health care to the |
|
|
patient; |
|
|
(16) to facilitate reimbursement to a hospital, other |
|
|
health care provider, or the patient for medical services or |
|
|
supplies; |
|
|
(17) to a health maintenance organization for purposes |
|
|
of maintaining a statistical reporting system as required by a rule |
|
|
adopted by a state agency or regulations adopted under the federal |
|
|
Health Maintenance Organization Act of 1973, as amended (42 U.S.C. |
|
|
Section 300e et seq.); |
|
|
(18) to satisfy a request for medical records of a |
|
|
deceased or incompetent person pursuant to Section 74.051(e), Civil |
|
|
Practice and Remedies Code; |
|
|
(19) to comply with a court order except as provided by |
|
|
Subdivision (20); or |
|
|
(20) related to a judicial proceeding in which the |
|
|
patient is a party and the disclosure is requested under a subpoena |
|
|
issued under: |
|
|
(A) the Texas Rules of Civil Procedure or Code of |
|
|
Criminal Procedure; or |
|
|
(B) Chapter 121, Civil Practice and Remedies |
|
|
Code. |
|
|
(b) A hospital that is a covered entity disclosing protected |
|
|
health information under this section, as those terms are defined |
|
|
by the privacy rule of the Administrative Simplification subtitle |
|
|
of the Health Insurance Portability and Accountability Act of 1996 |
|
|
(Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. |
|
|
Part 164, Subparts A and E, shall ensure that the disclosure |
|
|
complies with all applicable requirements, standards, or |
|
|
implementation specifications of the privacy rule, including |
|
|
provisions relating to disclosures for: |
|
|
(1) facility directories under 45 C.F.R. Section |
|
|
164.510(a); |
|
|
(2) treatment, payment, or health care operations |
|
|
under 45 C.F.R. Section 164.506; |
|
|
(3) cadaveric organ, eye, or tissue donation purposes |
|
|
under 45 C.F.R. Section 164.512(h); |
|
|
(4) law enforcement purposes under 45 C.F.R. Section |
|
|
164.512(f); |
|
|
(5) health oversight activities under 45 C.F.R. |
|
|
Section 164.512(d); |
|
|
(6) research purposes under 45 C.F.R. Section |
|
|
164.512(i); and |
|
|
(7) a judicial or administrative proceeding under 45 |
|
|
C.F.R. Section 164.512(e). |
|
|
SECTION 18. Section 241.154, Health and Safety Code, is |
|
|
amended by amending Subsection (b) and adding Subsection (f) to |
|
|
read as follows: |
|
|
(b) Except as provided by Subsections [Subsection] (d) and |
|
|
(f), the hospital or its agent may charge a reasonable fee for |
|
|
providing the health care information and is not required to permit |
|
|
the examination, copying, or release of the information requested |
|
|
until the fee is paid unless there is a medical emergency. The fee |
|
|
may not exceed the sum of: |
|
|
(1) a basic retrieval or processing fee, which must |
|
|
include the fee for providing the first 10 pages of the copies and |
|
|
which may not exceed $30; and |
|
|
(A) a charge for each page of: |
|
|
(i) $1 for the 11th through the 60th page of |
|
|
the provided copies; |
|
|
(ii) 50 cents for the 61st through the 400th |
|
|
page of the provided copies; and |
|
|
(iii) 25 cents for any remaining pages of |
|
|
the provided copies; and |
|
|
(B) the actual cost of mailing, shipping, or |
|
|
otherwise delivering the provided copies; or |
|
|
(2) if the requested records are stored on any |
|
|
microform or other electronic medium, a retrieval or processing |
|
|
fee, which must include the fee for providing the first 10 pages of |
|
|
the copies and which may not exceed $45; and |
|
|
(A) $1 per page thereafter; and |
|
|
(B) the actual cost of mailing, shipping, or |
|
|
otherwise delivering the provided copies. |
|
|
(f) A covered entity shall comply with the requirements of |
|
|
45 C.F.R. Section 164.524, including the requirement that access to |
|
|
protected health information, as those terms are defined by the |
|
|
privacy rule of the Administrative Simplification subtitle of the |
|
|
Health Insurance Portability and Accountability Act of 1996 (Pub. |
|
|
L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part |
|
|
164, Subparts A and E, for inspection purposes may not be denied to |
|
|
an individual or legally authorized representative for nonpayment |
|
|
of a fee. |
|
|
SECTION 19. Section 247.065, Health and Safety Code, is |
|
|
amended by adding Subsection (c) to read as follows: |
|
|
(c) Subsection (b)(7) does not authorize the disclosure or |
|
|
use of protected health information by a covered entity, as those |
|
|
terms are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, unless the |
|
|
disclosure or use complies with all applicable requirements, |
|
|
standards, or implementation specifications of the privacy rule. |
|
|
SECTION 20. Section 595.003, Health and Safety Code, is |
|
|
amended by adding Subsection (c) to read as follows: |
|
|
(c) If consent under this section authorizes the disclosure |
|
|
of protected health information by a covered entity, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the authorization complies with |
|
|
all of the privacy rule's applicable requirements, standards, and |
|
|
implementation specifications. |
|
|
SECTION 21. Section 595.004, Health and Safety Code, is |
|
|
amended by amending Subsection (a) and adding Subsection (c) to |
|
|
read as follows: |
|
|
(a) The content of a confidential record shall be made |
|
|
available on the request of the person about whom the record was |
|
|
made unless: |
|
|
(1) the person is a client; and |
|
|
(2) subject to Subsection (c), the qualified |
|
|
professional responsible for supervising the client's habilitation |
|
|
states in a signed written statement that having access to the |
|
|
record is not in the client's best interest. |
|
|
(c) A covered entity may not deny a request under this |
|
|
section for protected health information, as those terms are |
|
|
defined by the privacy rule of the Administrative Simplification |
|
|
subtitle of the Health Insurance Portability and Accountability Act |
|
|
of 1996 (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 |
|
|
C.F.R. Part 164, Subparts A and E, unless the qualified |
|
|
professional responsible for supervising the client's |
|
|
habilitation: |
|
|
(1) determines that making the record available to the |
|
|
client is reasonably likely to endanger the life or physical safety |
|
|
of the client or another person; and |
|
|
(2) complies with other requirements relating to |
|
|
denial of access to an individual's protected health information |
|
|
under 45 C.F.R. Section 164.524. |
|
|
SECTION 22. Section 611.004, Health and Safety Code, is |
|
|
amended by adding Subsection (e) to read as follows: |
|
|
(e) If a disclosure under Subsection (a)(4) is a disclosure |
|
|
of protected health information by a covered entity, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the consent to the disclosure |
|
|
complies with all of the privacy rule's applicable requirements, |
|
|
standards, and implementation specifications relating to |
|
|
authorizations for uses and disclosures of protected health |
|
|
information. |
|
|
SECTION 23. Subsection (b), Section 611.0045, Health and |
|
|
Safety Code, is amended to read as follows: |
|
|
(b) The professional may deny access to any portion of a |
|
|
record if the professional determines that release of that portion |
|
|
would be harmful to the patient's physical, mental, or emotional |
|
|
health. A covered entity may not deny a request under this |
|
|
subsection for protected health information, as those terms are |
|
|
defined by the privacy rule of the Administrative Simplification |
|
|
subtitle of the Health Insurance Portability and Accountability Act |
|
|
of 1996 (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 |
|
|
C.F.R. Part 164, Subparts A and E, unless the professional: |
|
|
(1) determines that making the record available to the |
|
|
patient is reasonably likely to endanger the life or physical |
|
|
safety of the patient or another person; and |
|
|
(2) complies with other requirements relating to |
|
|
denial of access to an individual's protected health information |
|
|
under 45 C.F.R. Section 164.524. |
|
|
SECTION 24. Subsection (b), Section 611.008, Health and |
|
|
Safety Code, is amended to read as follows: |
|
|
(b) Except as provided by this subsection, unless [Unless] |
|
|
provided for by other state law, the professional may charge a |
|
|
reasonable fee for retrieving or copying mental health care |
|
|
information and is not required to permit examination or copying |
|
|
until the fee is paid unless there is a medical emergency. A |
|
|
covered entity shall comply with the requirements of 45 C.F.R. |
|
|
Section 164.524, including the requirement that access to protected |
|
|
health information, as those terms are defined by the privacy rule |
|
|
of the Administrative Simplification subtitle of the Health |
|
|
Insurance Portability and Accountability Act of 1996 (Pub. L. No. |
|
|
104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, |
|
|
Subparts A and E, for inspection purposes may not be denied to an |
|
|
individual or legally authorized representative for nonpayment of a |
|
|
fee. |
|
|
SECTION 25. Section 773.093, Health and Safety Code, is |
|
|
amended by adding Subsection (d) to read as follows: |
|
|
(d) If consent under this section authorizes the disclosure |
|
|
of protected health information by a covered entity, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the consent complies with all of |
|
|
the privacy rule's applicable requirements, standards, and |
|
|
implementation specifications. |
|
|
SECTION 26. Section 546.104, Insurance Code, is amended to |
|
|
read as follows: |
|
|
Sec. 546.104. AUTHORIZED DISCLOSURE. (a) An individual or |
|
|
an individual's legal representative may authorize disclosure of |
|
|
genetic information relating to the individual by an authorization |
|
|
that: |
|
|
(1) is written in plain language; |
|
|
(2) is dated; |
|
|
(3) contains a specific description of the information |
|
|
to be disclosed; |
|
|
(4) identifies or describes each person authorized to |
|
|
disclose the genetic information to a health benefit plan issuer; |
|
|
(5) identifies or describes the individuals or |
|
|
entities to whom the disclosure or subsequent redisclosure of the |
|
|
genetic information may be made; |
|
|
(6) describes the specific purpose of the disclosure; |
|
|
(7) is signed by the individual or legal |
|
|
representative and, if the disclosure is made to claim proceeds of |
|
|
an affected life insurance policy, the claimant; and |
|
|
(8) advises the individual or legal representative |
|
|
that the individual's authorized representative is entitled to |
|
|
receive a copy of the authorization. |
|
|
(b) If an authorization under this section authorizes the |
|
|
disclosure of protected health information by a covered entity, as |
|
|
those terms are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the authorization complies with |
|
|
all of the privacy rule's applicable requirements, standards, and |
|
|
implementation specifications. |
|
|
SECTION 27. Section 4201.552, Insurance Code, is amended by |
|
|
adding Subsection (d) to read as follows: |
|
|
(d) If an authorization under this section authorizes the |
|
|
disclosure of protected health information by a covered entity, as |
|
|
those terms are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the authorization complies with |
|
|
all of the privacy rule's applicable requirements, standards, and |
|
|
implementation specifications. |
|
|
SECTION 28. Section 21.4032, Labor Code, is amended to read |
|
|
as follows: |
|
|
Sec. 21.4032. AUTHORIZED DISCLOSURE. (a) An individual or |
|
|
the legal representative of an individual may authorize disclosure |
|
|
of genetic information relating to the individual by a written |
|
|
authorization that includes: |
|
|
(1) a description of the information to be disclosed; |
|
|
(2) the name of the person to whom the disclosure is |
|
|
made; and |
|
|
(3) the purpose for the disclosure. |
|
|
(b) If an authorization under this section authorizes the |
|
|
disclosure of protected health information by a covered entity, as |
|
|
those terms are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the authorization complies with |
|
|
all of the privacy rule's applicable requirements, standards, and |
|
|
implementation specifications. |
|
|
SECTION 29. Subsection (c), Section 201.009, Local |
|
|
Government Code, is amended to read as follows: |
|
|
(c) Subsection (b) does not apply to: |
|
|
(1) a local government record whose public disclosure |
|
|
is prohibited by an order of a court or by another state law; or |
|
|
(2) a local government that is a covered entity |
|
|
disclosing protected health information, as those terms are defined |
|
|
by the privacy rule of the Administrative Simplification subtitle |
|
|
of the Health Insurance Portability and Accountability Act of 1996 |
|
|
(Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. |
|
|
Part 164, Subparts A and E. |
|
|
SECTION 30. Section 58.104, Occupations Code, is amended to |
|
|
read as follows: |
|
|
Sec. 58.104. AUTHORIZED DISCLOSURE. (a) An individual or |
|
|
the legal representative of an individual may authorize disclosure |
|
|
of genetic information relating to the individual by a written |
|
|
authorization that includes: |
|
|
(1) a description of the information to be disclosed; |
|
|
(2) the name of the person to whom the disclosure is |
|
|
made; and |
|
|
(3) the purpose for the disclosure. |
|
|
(b) If an authorization under this section authorizes the |
|
|
disclosure of protected health information by a covered entity, as |
|
|
those terms are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the authorization complies with |
|
|
all of the privacy rule's applicable requirements, standards, and |
|
|
implementation specifications. |
|
|
SECTION 31. Section 159.005, Occupations Code, is amended |
|
|
by adding Subsection (f) to read as follows: |
|
|
(f) If consent under this section authorizes the disclosure |
|
|
of protected health information by a covered entity, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the consent complies with all of |
|
|
the privacy rule's applicable requirements, standards, and |
|
|
implementation specifications. |
|
|
SECTION 32. Section 159.006, Occupations Code, is amended |
|
|
by amending Subsection (a) and adding Subsection (f) to read as |
|
|
follows: |
|
|
(a) Subject to Subsection (f), unless [Unless] the |
|
|
physician determines that access to the information would be |
|
|
harmful to the physical, mental, or emotional health of the |
|
|
patient, a physician who receives a written consent for release of |
|
|
information as provided by Section 159.005 shall furnish copies of |
|
|
the requested billing or medical records, or a summary or narrative |
|
|
of the records, including records received from a physician or |
|
|
other health care provider involved in the care or treatment of the |
|
|
patient. |
|
|
(f) A physician who is a covered entity may not deny a |
|
|
request under this section for protected health information, as |
|
|
those terms are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, unless the |
|
|
physician: |
|
|
(1) determines that making the information available |
|
|
to the patient is reasonably likely to endanger the life or physical |
|
|
safety of the patient or another person; and |
|
|
(2) complies with other requirements relating to |
|
|
denial of access to an individual's protected health information |
|
|
under 45 C.F.R. Section 164.524. |
|
|
SECTION 33. Section 159.008, Occupations Code, is amended |
|
|
by amending Subsection (a) and adding Subsection (c) to read as |
|
|
follows: |
|
|
(a) Except as provided by Subsections [Subsection] (b) and |
|
|
(c), a physician: |
|
|
(1) may charge a reasonable fee, as prescribed by |
|
|
board rule, for copying billing or medical records; and |
|
|
(2) is not required to permit examination or copying |
|
|
of the records until the fee is paid unless there is a medical |
|
|
emergency. |
|
|
(c) A covered entity shall comply with the requirements of |
|
|
45 C.F.R. Section 164.524, including the requirement that access to |
|
|
protected health information, as those terms are defined by the |
|
|
privacy rule of the Administrative Simplification subtitle of the |
|
|
Health Insurance Portability and Accountability Act of 1996 (Pub. |
|
|
L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part |
|
|
164, Subparts A and E, for inspection purposes may not be denied to |
|
|
an individual or legally authorized representative for nonpayment |
|
|
of a fee. |
|
|
SECTION 34. Section 201.405, Occupations Code, is amended |
|
|
by amending Subsection (g) and adding Subsection (h) to read as |
|
|
follows: |
|
|
(g) A chiropractor who determines that access to |
|
|
information requested under Subsection (f) would be harmful to the |
|
|
physical, mental, or emotional health of the patient may refuse to |
|
|
release the information requested under this section. A |
|
|
chiropractor who is a covered entity may not deny a request under |
|
|
this subsection for protected health information, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, unless the |
|
|
chiropractor: |
|
|
(1) determines that making the record available to the |
|
|
patient is reasonably likely to endanger the life or physical |
|
|
safety of the patient or another person; and |
|
|
(2) complies with other requirements relating to |
|
|
denial of access to an individual's protected health information |
|
|
under 45 C.F.R. Section 164.524. |
|
|
(h) If a consent under this section authorizes the |
|
|
disclosure of protected health information by a covered entity, as |
|
|
those terms are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the consent complies with all of |
|
|
the privacy rule's applicable requirements, standards, and |
|
|
implementation specifications. |
|
|
SECTION 35. Section 202.406, Occupations Code, is amended |
|
|
by amending Subsection (d) and adding Subsection (f) to read as |
|
|
follows: |
|
|
(d) A podiatrist shall furnish copies of podiatric records |
|
|
requested or a summary or narrative of the records under a written |
|
|
consent for release of the information as provided by this section |
|
|
unless the podiatrist determines that access to the information |
|
|
would be harmful to the physical, mental, or emotional health of the |
|
|
patient. The podiatrist may delete confidential information about |
|
|
another person who has not consented to the release. A podiatrist |
|
|
who is a covered entity may not deny a request under this subsection |
|
|
for protected health information, as those terms are defined by the |
|
|
privacy rule of the Administrative Simplification subtitle of the |
|
|
Health Insurance Portability and Accountability Act of 1996 (Pub. |
|
|
L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part |
|
|
164, Subparts A and E, unless the podiatrist: |
|
|
(1) determines that making the record available to the |
|
|
patient is reasonably likely to endanger the life or physical |
|
|
safety of the patient or another person; and |
|
|
(2) complies with other requirements relating to |
|
|
denial of access to an individual's protected health information |
|
|
under 45 C.F.R. Section 164.524. |
|
|
(f) If consent under this section authorizes the disclosure |
|
|
of protected health information by a covered entity, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the consent complies with all of |
|
|
the privacy rule's applicable requirements, standards, and |
|
|
implementation specifications. |
|
|
SECTION 36. Section 258.104, Occupations Code, is amended |
|
|
by adding Subsection (e) to read as follows: |
|
|
(e) If consent under this section authorizes the disclosure |
|
|
of protected health information by a covered entity, as those terms |
|
|
are defined by the privacy rule of the Administrative |
|
|
Simplification subtitle of the Health Insurance Portability and |
|
|
Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 |
|
|
C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E, the |
|
|
covered entity shall ensure that the consent complies with all of |
|
|
the privacy rule's applicable requirements, standards, and |
|
|
implementation specifications. |
|
|
SECTION 37. Section 32, Texas Local Fire Fighters |
|
|
Retirement Act (Article 6243e, Vernon's Texas Civil Statutes), is |
|
|
amended by adding Subsection (d) to read as follows: |
|
|
(d) If a disclosure under Subsection (a)(1)(D) of this |
|
|
section is a disclosure of protected health information by a |
|
|
covered entity, as those terms are defined by the privacy rule of |
|
|
the Administrative Simplification subtitle of the Health Insurance |
|
|
Portability and Accountability Act of 1996 (Pub. L. No. 104-191) |
|
|
contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A |
|
|
and E, the covered entity shall ensure that the consent to the |
|
|
disclosure complies with all of the privacy rule's applicable |
|
|
requirements, standards, and implementation specifications |
|
|
relating to authorizations for uses and disclosures of protected |
|
|
health information. |
|
|
SECTION 38. Section 3.01, Chapter 824, Acts of the 73rd |
|
|
Legislature, Regular Session, 1993 (Article 6243o, Vernon's Texas |
|
|
Civil Statutes), is amended by adding Subsection (k) to read as |
|
|
follows: |
|
|
(k) If a disclosure under Subsection (h)(1)(D) of this |
|
|
section is a disclosure of protected health information by a |
|
|
covered entity, as those terms are defined by the privacy rule of |
|
|
the Administrative Simplification subtitle of the Health Insurance |
|
|
Portability and Accountability Act of 1996 (Pub. L. No. 104-191) |
|
|
contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A |
|
|
and E, the covered entity shall ensure that the consent to the |
|
|
disclosure complies with all of the privacy rule's applicable |
|
|
requirements, standards, and implementation specifications |
|
|
relating to authorizations for uses and disclosures of protected |
|
|
health information. |
|
|
SECTION 39. (a) Each state agency shall report to the |
|
|
state auditor the agency's progress in determining compliance with |
|
|
the federal Health Insurance Portability and Accountability Act of |
|
|
1996 (Pub. L. No. 104-191), including determining whether the |
|
|
agency has designated itself to be a covered entity for the purposes |
|
|
of that Act and whether the agency is designated as a hybrid of a |
|
|
covered entity. |
|
|
(b) Each state agency must submit compliance information in |
|
|
the form and within the period prescribed by the state auditor. |
|
|
Information submitted by each agency is subject to audit by the |
|
|
state auditor, based on a risk assessment, and subject to the |
|
|
legislative audit committee's approval of including the work in the |
|
|
audit plan under Subsection (c), Section 321.013, Government Code. |
|
|
(c) State agency progress in compliance with the federal |
|
|
Health Insurance Portability and Accountability Act of 1996 (Pub. |
|
|
L. No. 104-191), and any work performed by the state auditor to |
|
|
verify the information submitted by the agency, shall be reported |
|
|
by the state auditor to the office of the attorney general and the |
|
|
appropriate legislative committees. |
|
|
SECTION 40. This Act takes effect September 1, 2007. |
|
|
|
|
|
* * * * * |