The bill would amend Chapter 181 of the Health and Safety Code to direct all covered entities to comply with the Health Insurance Portability and Accountability Act and Privacy (HIPAA) standards and rules regarding access to and use of protected health information. The bill would require a covered entity to provide a person's electronic health record within fifteen days of receiving the request for the information and would authorize the entity to charge a fee for the copy of the public health information. The bill would also establish new rules regarding record retention periods at covered entities.

The bill would require the Office of the Attorney General (OAG) to adopt rules, no later than January 1, 2012, to create and adopt a standard authoriziation form for use in complying with authorized requests for disclosure of protected health information.

The bill would increase the maximum civil penalties for violations of the Medical Privacy Act. The bill would authorize the Health and Human Services Commission (HHSC) to refer disciplinary licensing actions involving violations to the OAG for civil enforcement. The number of potential violations and the amount of penalties levied are unknown; therefore, there could be an indeterminate revenue increase to the state.

The bill would direct the OAG, in coordination with HHSC, the Texas Health Services Authority, and the Texas Department of Insurance (TDI) to conduct periodic audits of covered entities. The bill would require the OAG to adopt rules to administer the audit provisions, to review a complaint received from any individual, and to report annually to the Legislature regarding the number and type of complaints, enforcement actions, and state and federal audits. 

The bill would direct HHSC, with the Texas Health Services Authority and the Texas Medical Board, to review issues regarding security and accessibility of protected health information maintained by "unsustainable" covered entities (assumed to mean a covered entity that goes out of business). The bill would require HHSC to report to the Legislature on recommendations for state agency maintenance and retention of those records.

The bill would direct the OAG to establish a task force on health information technology to develop recommendations regarding the informed consent protocols, improvements in patient access to electronic protected health information, and other issues. The bill would require the task force to submit its report of recommendations to the Legislature by January 1, 2013.

The bill would take effect September 1, 2011.

The federal Health Information Technology for Economic and Clinical Health Act (HITECH Act), which included enhanced medical record and HIPAA privacy provisions, provided funding for health information technology development at the state level. Health Information Technology provides a framework for the management of health information and its exchange between consumers, providers, insurers, government, and quality review entities. The Health Information Exchange (HIE) Plan was developed by HHSC and the Texas Health Service Authority and approved in November of 2010. The plan is extensive and provides a four-year outline for the state's HIE implementation schedule, which includes policy and technology system development for several state agencies.

This analysis assumes costs of implementing the provisions of the bill could be absorbed within the agencies' current resources, which include Federal Funds specifically for this purpose.