| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to the use, collection, and security of health care data |
|
|
collected by the Department of State Health Services. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Section 108.009, Health and Safety Code, is |
|
|
amended by adding Subsection (c) to read as follows: |
|
|
(c) The department or another entity as determined by the |
|
|
department to collect data from a provider under Subsection (a) |
|
|
shall maintain a database that does not include identifying |
|
|
information for use as authorized by law, including this chapter. |
|
|
SECTION 2. Chapter 108, Health and Safety Code, is amended |
|
|
by adding Section 108.0095 to read as follows: |
|
|
Sec. 108.0095. NOTIFICATION OF DATA COLLECTION. (a) A |
|
|
provider shall provide to a patient whose data is being collected |
|
|
under this chapter written notice on a form prescribed by the |
|
|
department of the collection of the patient's data for health care |
|
|
purposes. |
|
|
(b) The notice provided under this section must include the |
|
|
name of the agency or entity receiving the data and of an individual |
|
|
within the agency or entity whom the patient may contact regarding |
|
|
the collection of data. |
|
|
(c) The department shall include the notice required under |
|
|
this section on an existing department form and make the form |
|
|
available on the department's Internet website. |
|
|
SECTION 3. Section 108.011(d), Health and Safety Code, as |
|
|
amended by S.B. 219, Acts of the 84th Legislature, Regular Session, |
|
|
2015, is amended to read as follows: |
|
|
(d) The executive commissioner shall adopt procedures to |
|
|
establish the accuracy and consistency of the public use data |
|
|
before releasing the public use data to the public. The department |
|
|
may adopt additional procedures as the department determines |
|
|
necessary. The procedures adopted under this subsection must meet |
|
|
available best practices and national standards for public research |
|
|
on and consumer use of health care data collected by governmental |
|
|
agencies. |
|
|
SECTION 4. Section 108.013(a), Health and Safety Code, as |
|
|
amended by S.B. 219, Acts of the 84th Legislature, Regular Session, |
|
|
2015, is amended to read as follows: |
|
|
(a) The data received by the department under this chapter |
|
|
shall be used by the department and commission only for the benefit |
|
|
of the public. Subject to specific limitations established by this |
|
|
chapter and department rule, the department shall make |
|
|
determinations on requests for information in favor of access. |
|
|
SECTION 5. Chapter 108, Health and Safety Code, is amended |
|
|
by adding Section 108.0136 to read as follows: |
|
|
Sec. 108.0136. REPORT; NOTIFICATION OF CYBER ATTACK. (a) |
|
|
The department shall prepare for the commissioner an annual report |
|
|
describing the security measures taken to protect data collected |
|
|
under this chapter and any breaches, attempted cyber attacks, and |
|
|
security issues related to the data that are encountered during the |
|
|
calendar year. |
|
|
(b) The report described by this section is not subject to |
|
|
Chapter 552, Government Code, but may be released on request to a |
|
|
member of the legislature. |
|
|
(c) If a cyber attack occurs targeting data collected under |
|
|
this chapter, the department shall notify the Department of Public |
|
|
Safety of the State of Texas and the Federal Bureau of Investigation |
|
|
of the attack. |
|
|
SECTION 6. This Act takes effect September 1, 2015. |