Bigger is Better in Texas when it comes to HIPAA privacy protection.
On September 1st, 2012 Texas’ House Bill 300 goes into effect. HB300, passed last year and signed into law by Governor Rick Perry, amends the Texas Medical Records Privacy Act and expands patient privacy protections beyond those required by HIPAA. It also mandates stiffer penalties for privacy violations related to Personal Health Information (PHI) and Electronic Health Records (EHR). The new law includes an expanded definition of covered entities, changes to the training requirements of personnel, changes to the release of PHI to patients, and expanded requirement of “Notice of Privacy Practices”.
Are you part of the “newly required”?
Under the new law, the scope of HIPAA covered entities has been changed to now cover almost anybody who works with or has access to PHI or EHR including; business associates, computer management entities, schools, researchers, anybody who maintains electronic records, website providers and computer support personnel. It does however, specifically exempt employers who, through the functions of providing health insurance, Work Comp insurance, etc., see confidential information. Newly covered entities that may not have needed a “Notice of Privacy Practices” will now be required to issue one if they handle or have access to EHRs.
Increased Penalties and Training
The new law also contains severe civil penalties for HIPAA violations ranging from $5000 to $1.5 million. Penalties are based on the type of violation as well as the circumstances surrounding it; violations done knowingly or for financial gain have the stiffest penalties by up to 10 times that of an accidental violation. To avoid this, covered entities are now required to provide customized HIPAA privacy protection training to all employees every 2 years and to new employees within 6 months of hire date and to maintain written records of this.
Patient Records
Under the new law, providers will now have to provide patients with electronic copies of their medical records within 15 days of receipt of written notice instead of the 30 days that is currently allowed by federal regulations. The Texas Health and Human Services Commission is now responsible for establishing the format for these copies and that the new format is consistent with federal laws.
To find out more about HB300, go to http://www.legis.state.tx.us/BillLookup/Text.aspx?LegSess=82R&Bill=HB300
You must be logged in to post a comment.