Texas Enacts Health Care Privacy Law

Texas Governor Rick Perry recently signed a new electronic health record privacy bill into law. The new Texas privacy law, HB 300, imposes strict requirements relating use and disclosure of protected health information (?Ç£PHI?Ç¥) on covered entities (health care providers, health insurers and clearinghouses). The law is effective September 1, 2012 and, in some aspects, imposes more stringent requirements than the federal Health Insurance Portability and Accountability Act (?Ç£HIPAA?Ç¥). HB 300 requires covered entities to provide patients with electronic copies of their health records within 15 days of the patient?ÇÖs written request for the records as compared to 30 days under HIPAA. HB 300 also requires that initial HIPAA training be provided to any employee of a covered entity and be repeated at least once every two years. Additionally, HB 300 authorizes civil penalties ranging from $5,000 to $1.5 million for the unlawful disclosure of a patient?ÇÖs PHI. Covered entities should begin a thorough review of their HIPAA policies, procedures and training to comply with HB 300.