The bill would amend Chapter 181 of the Health and Safety Code by directing the executive commissioner of the Health and Human Services Commission (HHSC) to adopt rules consistent with the Health Insurance Portability and Accountability Act and Privacy (HIPAA) standards and access to and use of protected health information. The bill would require the executive commissioner to adopt rules that require each covered entity to provide training regarding protected health information, to provide and receive written notification and acceptance of legal restrictions on the use and disclosure of protected information when disseminating protected health information, and to provide a person's electronic health record within fifteen business days of receiving the request for the information.

The bill would direct the Office of the Attorney General (OAG) to maintain an internet website with information for consumers regarding privacy rights under federal and state law related to protected health information, a list of state agencies that regulate covered entities in the state, information regarding the complaint enforcement process, and contact information for each agency. The bill would also require the OAG to submit to the legislature a report on the number and types of complaints received.

The bill would prohibit a covered entity from disclosing protected health information to any person in exchange for direct or indirect remuneration, except for the purposes of medical treatment, payment of health care costs, health care operations, or research. The bill would authorize civil penalties against a covered entity for a violation of the provisions under Chapter 181, Health and Safety Code.

The bill would direct HHSC, in consultation with the Department of State Health Services, the Texas Medical Board, and the Texas Department of Insurance, to provide a report to the legislature on new developments in safeguarding protected health information.

The bill would amend the penal code in alignment with provisions of the bill regarding privacy rights for protected health information.

The bill would take effect September 1, 2011.

The federal Health Information Technology for Economic and Clinical Health Act (HITECH Act), which included enhanced medical record and HIPAA privacy provisions, provided funding for health information technology development at the state level. Health Information Technology provides a framework for the management of health information and its exchange between consumers, providers, insurers, government, and quality review entities. The Health Information Exchange (HIE) Plan was developed by HHSC and the Texas Health Service Authority (THSA) and approved in November of 2010. The plan is extensive and provides a four-year outline for the state's HIE implementation schedule, which includes policy and technology system development for several state agencies. This analysis assumes costs of implementing the provisions of the bill can be absorbed within existing agency resources.

The Office of the Attorney General, the Texas Medical Board, the Texas Department of Insurance and HHSC anticipate any additional work resulting from the passage of the bill could be reasonably absorbed within current resources.