| |
| |
|
|
A BILL TO BE ENTITLED
|
|
|
AN ACT
|
|
|
relating to restrictions on the use of digital identification |
|
|
systems for patient health care records. |
|
|
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS: |
|
|
SECTION 1. Subtitle I, Title 2, Health and Safety Code, is |
|
|
amended by adding Chapter 183 to read as follows: |
|
|
CHAPTER 183. DIGITAL IDENTIFICATION SYSTEMS FOR HEALTH CARE |
|
|
RECORDS |
|
|
Sec. 183.001. DEFINITIONS. In this chapter: |
|
|
(1) "Covered entity" has the meaning assigned by |
|
|
Section 181.001. |
|
|
(2) "Digital identification system" means an |
|
|
electronic system that uses digital technology throughout the |
|
|
process of identifying an individual, including: |
|
|
(A) data capture, validation, storage, and |
|
|
transfer; |
|
|
(B) credential management; and |
|
|
(C) identity verification and authentication. |
|
|
(3) "Health care provider" means a person who is |
|
|
licensed, certified, or otherwise authorized to provide or render |
|
|
health care in this state in the ordinary course of business or |
|
|
practice of a profession. |
|
|
Sec. 183.002. CONSENT REQUIREMENT FOR USE OF DIGITAL |
|
|
IDENTIFICATION SYSTEMS. (a) Unless a covered entity or health care |
|
|
provider obtains a patient's written informed consent, the entity |
|
|
or provider may not: |
|
|
(1) use a digital identification system, including a |
|
|
system created or operated by this state, to store a patient's |
|
|
health care records, including genetic or biological information; |
|
|
or |
|
|
(2) require the use of a digital identification system |
|
|
for a patient to access the patient's health care records. |
|
|
(b) A health care provider may not coerce a patient to |
|
|
consent to the use of a digital identification system, including by |
|
|
requiring consent as a condition of receiving health care services |
|
|
or treatment from the provider. |
|
|
Sec. 183.003. COMMERCIAL USE PROHIBITED WITHOUT |
|
|
COMPENSATION. A covered entity or health care provider who obtains |
|
|
a patient's written informed consent under Section 183.002 may not |
|
|
use the patient's health care records for commercial gain in any |
|
|
manner unless the entity or provider provides reasonable |
|
|
compensation to the patient. |
|
|
Sec. 183.004. CONFIDENTIALITY. (a) A covered entity or |
|
|
health care provider who obtains a patient's written informed |
|
|
consent under Section 183.002 shall ensure the patient's health |
|
|
care records are kept confidential in accordance with applicable |
|
|
state and federal law. |
|
|
(b) A covered entity or health care provider shall ensure |
|
|
that a patient's health care records do not include identifying |
|
|
information when the entity or provider shares the records in |
|
|
accordance with the patient's written informed consent provided |
|
|
under Section 183.002. |
|
|
Sec. 183.005. ENFORCEMENT. A violation of this chapter by a |
|
|
covered entity or health care provider constitutes a violation of |
|
|
Chapter 181 and the entity or provider is subject to enforcement |
|
|
actions under Subchapter E of that chapter, including disciplinary |
|
|
action by the appropriate licensing authority. |
|
|
Sec. 183.006. RULES. The executive commissioner shall |
|
|
adopt rules to implement this chapter. |
|
|
SECTION 2. Chapter 183, Health and Safety Code, as added by |
|
|
this Act, applies only to the use of a digital identification system |
|
|
that occurs on or after the effective date of this Act. |
|
|
SECTION 3. This Act takes effect September 1, 2023. |