Texas Health and Safety Code

As effective September 1, 2019

Subtitle I

Chapter 181

Subchapter A

Sec. 181.001: Definitions

(a) Unless otherwise defined in this chapter, each term that is used in this chapter has the meaning assigned by the Health Insurance Portability and Accountability Act and Privacy Standards.

(b) In this chapter:

(1) Repealed by Acts 2015, 84th Leg., R.S., Ch. 1, Sec. 3.1639(55), eff. April 2, 2015.

(2) "Covered entity" means any person who:

(A) for commercial, financial, or professional gain, monetary fees, or dues, or on a cooperative, nonprofit, or pro bono basis, engages, in whole or in part, and with real or constructive knowledge, in the practice of assembling, collecting, analyzing, using, evaluating, storing, or transmitting protected health information. The term includes a business associate, health care payer, governmental unit, information or computer management entity, school, health researcher, health care facility, clinic, health care provider, or person who maintains an Internet site;

(B) comes into possession of protected health information;

(C) obtains or stores protected health information under this chapter; or

(D) is an employee, agent, or contractor of a person described by Paragraph (A), (B), or (C) insofar as the employee, agent, or contractor creates, receives, obtains, maintains, uses, or transmits protected health information.

(2-a) "Disclose" means to release, transfer, provide access to, or otherwise divulge information outside the entity holding the information.

(2-b) Repealed by Acts 2015, 84th Leg., R.S., Ch. 1, Sec. 3.1639(55), eff. April 2, 2015.

(3) "Health Insurance Portability and Accountability Act and Privacy Standards" means the privacy requirements in existence on September 1, 2011, of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.

(4) "Marketing" means:

(A) making a communication about a product or service that encourages a recipient of the communication to purchase or use the product or service, unless the communication is made:

(i) to describe a health-related product or service or the payment for a health-related product or service that is provided by, or included in a plan of benefits of, the covered entity making the communication, including communications about:

(a) the entities participating in a health care provider network or health plan network;

(b) replacement of, or enhancement to, a health plan; or

(c) health-related products or services available only to a health plan enrollee that add value to, but are not part of, a plan of benefits;

(ii) for treatment of the individual;

(iii) for case management or care coordination for the individual, or to direct or recommend alternative treatments, therapies, health care providers, or settings of care to the individual; or

(iv) by a covered entity to an individual that encourages a change to a prescription drug included in the covered entity's drug formulary or preferred drug list;

(B) an arrangement between a covered entity and any other entity under which the covered entity discloses protected health information to the other entity, in exchange for direct or indirect remuneration, for the other entity or its affiliate to make a communication about its own product or service that encourages recipients of the communication to purchase or use that product or service; and

(C) notwithstanding Paragraphs (A)(ii) and (iii), a product-specific written communication to a consumer that encourages a change in products.

(5) "Product" means a prescription drug or prescription medical device.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 924, Sec. 2.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 1, eff. September 1, 2012.

Acts 2015, 84th Leg., R.S., Ch. 1 (S.B. 219), Sec. 3.1639(55), eff. April 2, 2015.

Sec. 181.002: Applicability

(a) Except as provided by Section 181.205, this chapter does not affect the validity of another statute of this state that provides greater confidentiality for information made confidential by this chapter.

(b) To the extent that this chapter conflicts with another law, other than Section 58.0052, Family Code, with respect to protected health information collected by a governmental body or unit, this chapter controls.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 924, Sec. 3, eff. Sept. 1, 2003.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 653 (S.B. 1106), Sec. 5, eff. June 17, 2011.

Sec. 181.003: Sovereign Immunity

This chapter does not waive sovereign immunity to suit or liability.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001.

Sec. 181.004: Applicability of State and Federal Law

(a) A covered entity, as that term is defined by 45 C.F.R. Section 160.103, shall comply with the Health Insurance Portability and Accountability Act and Privacy Standards.

(b) Subject to Section 181.051, a covered entity, as that term is defined by Section 181.001, shall comply with this chapter.

Comments

Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 2, eff. September 1, 2012.

Sec. 181.005: Duties of the Executive Commissioner

(a) The executive commissioner shall administer this chapter and may adopt rules consistent with the Health Insurance Portability and Accountability Act and Privacy Standards to administer this chapter.

(b) The executive commissioner shall review amendments to the definitions in 45 C.F.R. Parts 160 and 164 that occur after September 1, 2011, and determine whether it is in the best interest of the state to adopt the amended federal regulations. If the executive commissioner determines that it is in the best interest of the state to adopt the amended federal regulations, the amended regulations shall apply as required by this chapter.

(c) In making a determination under this section, the executive commissioner must consider, in addition to other factors affecting the public interest, the beneficial and adverse effects the amendments would have on:

(1) the lives of individuals in this state and their expectations of privacy; and

(2) governmental entities, institutions of higher education, state-owned teaching hospitals, private businesses, and commerce in this state.

(d) The executive commissioner shall prepare a report of the executive commissioner's determination made under this section and shall file the report with the presiding officer of each house of the legislature before the 30th day after the date the determination is made. The report must include an explanation of the reasons for the determination.

Comments

Added by Acts 2003, 78th Leg., ch. 924, Sec. 4, eff. Sept. 1, 2003.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 3, eff. September 1, 2012.

Sec. 181.006: Protected Health Information Not Public

Notwithstanding Sections 181.004 and 181.051, for a covered entity that is a governmental unit, an individual's protected health information:

(1) includes any information that reflects that an individual received health care from the covered entity; and

(2) is not public information and is not subject to disclosure under Chapter 552, Government Code.

Comments

Added by Acts 2009, 81st Leg., R.S., Ch. 419 (H.B. 2004), Sec. 5, eff. September 1, 2009.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 4, eff. September 1, 2012.

Subchapter B

Sec. 181.051: Partial Exemption

Except for Subchapter D, this chapter does not apply to:

(1) a covered entity as defined by Section 602.001, Insurance Code;

(2) an entity established under Article 5.76-3, Insurance Code; or

(3) an employer.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 1274, Sec. 20, eff. April 1, 2005.

Sec. 181.052: Processing Payment Transactions By Financial Institutions

(a) In this section, "financial institution" has the meaning assigned by Section 1101, Right to Financial Privacy Act of 1978 (12 U.S.C. Section 3401), and its subsequent amendments.

(b) To the extent that a covered entity engages in activities of a financial institution, or authorizes, processes, clears, settles, bills, transfers, reconciles, or collects payments for a financial institution, this chapter and any rule adopted under this chapter does not apply to the covered entity with respect to those activities, including the following:

(1) using or disclosing information to authorize, process, clear, settle, bill, transfer, reconcile, or collect a payment for, or related to, health plan premiums or health care, if the payment is made by any means, including a credit, debit, or other payment card, an account, a check, or an electronic funds transfer; and

(2) requesting, using, or disclosing information with respect to a payment described by Subdivision (1):

(A) for transferring receivables;

(B) for auditing;

(C) in connection with a customer dispute or an inquiry from or to a customer;

(D) in a communication to a customer of the entity regarding the customer's transactions, payment card, account, check, or electronic funds transfer;

(E) for reporting to consumer reporting agencies; or

(F) for complying with a civil or criminal subpoena or a federal or state law regulating the covered entity.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001.

Sec. 181.053: Nonprofit Agencies

The executive commissioner shall by rule exempt from this chapter a nonprofit agency that pays for health care services or prescription drugs for an indigent person only if the agency's primary business is not the provision of health care or reimbursement for health care services.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 1 (S.B. 219), Sec. 3.0521, eff. April 2, 2015.

Sec. 181.054: Workers' Compensation

This chapter does not apply to:

(1) workers' compensation insurance or a function authorized by Title 5, Labor Code; or

(2) any person or entity in connection with providing, administering, supporting, or coordinating any of the benefits under a self-insured program for workers' compensation.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001.

Sec. 181.055: Employee Benefit Plan

This chapter does not apply to:

(1) an employee benefit plan; or

(2) any covered entity or other person, insofar as the entity or person is acting in connection with an employee benefit plan.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001.

Sec. 181.056: American Red Cross

This chapter does not prohibit the American Red Cross from accessing any information necessary to perform its duties to provide biomedical services, disaster relief, disaster communication, or emergency leave verification services for military personnel.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 924, Sec. 5, eff. Sept. 1, 2003.

Sec. 181.057: Information Relating to Offenders with Mental Impairments

This chapter does not apply to an agency described by Section 614.017 with respect to the disclosure, receipt, transfer, or exchange of medical and health information and records relating to individuals in the custody of an agency or in community supervision.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001.

Sec. 181.058: Educational Records

In this chapter, protected health information does not include:

(1) education records covered by the Family Educational Rights and Privacy Act of 1974 (20 U.S.C. Section 1232g) and its subsequent amendments; or

(2) records described by 20 U.S.C. Section 1232g(a)(4)(B)(iv) and its subsequent amendments.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001.

Sec. 181.059: Crime Victim Compensation

This chapter does not apply to any person or entity in connection with providing, administering, supporting, or coordinating any of the benefits regarding compensation to victims of crime as provided by Subchapter B, Chapter 56, Code of Criminal Procedure.

Comments

Text of section effective until January 01, 2021

Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 5, eff. September 1, 2012.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 469 (H.B. 4173), Sec. 2.53, eff. January 1, 2021.

Sec. 181.059: Crime Victim Compensation

This chapter does not apply to any person or entity in connection with providing, administering, supporting, or coordinating any of the benefits regarding compensation to victims of crime as provided by Chapter 56B, Code of Criminal Procedure.

Comments

Text of section effective on January 01, 2021

Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 5, eff. September 1, 2012.

Amended by:

Acts 2019, 86th Leg., R.S., Ch. 469 (H.B. 4173), Sec. 2.53, eff. January 1, 2021.

Subchapter C

Sec. 181.101: Training Required

(a) Each covered entity shall provide training to employees of the covered entity regarding the state and federal law concerning protected health information as necessary and appropriate for the employees to carry out the employees' duties for the covered entity.

(b) An employee of a covered entity must complete training described by Subsection (a) not later than the 90th day after the date the employee is hired by the covered entity.

(c) If the duties of an employee of a covered entity are affected by a material change in state or federal law concerning protected health information, the employee shall receive training described by Subsection (a) within a reasonable period, but not later than the first anniversary of the date the material change in law takes effect.

(d) A covered entity shall require an employee of the entity who receives training described by Subsection (a) to sign, electronically or in writing, a statement verifying the employee's completion of training. The covered entity shall maintain the signed statement until the sixth anniversary of the date the statement is signed.

Comments

Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 6, eff. September 1, 2012.

Amended by:

Acts 2013, 83rd Leg., R.S., Ch. 1367 (S.B. 1609), Sec. 1, eff. June 14, 2013.

Sec. 181.102: Consumer Access to Electronic Health Records

(a) Except as provided by Subsection (b), if a health care provider is using an electronic health records system that is capable of fulfilling the request, the health care provider, not later than the 15th business day after the date the health care provider receives a written request from a person for the person's electronic health record, shall provide the requested record to the person in electronic form unless the person agrees to accept the record in another form.

(b) A health care provider is not required to provide access to a person's protected health information that is excepted from access, or to which access may be denied, under 45 C.F.R. Section 164.524.

(c) For purposes of Subsection (a), the executive commissioner, in consultation with the department, the Texas Medical Board, and the Texas Department of Insurance, by rule may recommend a standard electronic format for the release of requested health records. The standard electronic format recommended under this section must be consistent, if feasible, with federal law regarding the release of electronic health records.

Comments

Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 6, eff. September 1, 2012.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 1 (S.B. 219), Sec. 3.0522, eff. April 2, 2015.

Sec. 181.103: Consumer Information Website

The attorney general shall maintain an Internet website that provides:

(1) information concerning a consumer's privacy rights regarding protected health information under federal and state law;

(2) a list of the state agencies, including the department, the Texas Medical Board, and the Texas Department of Insurance, that regulate covered entities in this state and the types of entities each agency regulates;

(3) detailed information regarding each agency's complaint enforcement process; and

(4) contact information, including the address of the agency's Internet website, for each agency listed under Subdivision (2) for reporting a violation of this chapter.

Comments

Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 6, eff. September 1, 2012.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 1 (S.B. 219), Sec. 3.0523, eff. April 2, 2015.

Sec. 181.104: Consumer Complaint Report By Attorney General

(a) The attorney general annually shall submit to the legislature a report describing:

(1) the number and types of complaints received by the attorney general and by the state agencies receiving consumer complaints under Section 181.103; and

(2) the enforcement action taken in response to each complaint reported under Subdivision (1).

(b) Each state agency that receives consumer complaints under Section 181.103 shall submit to the attorney general, in the form required by the attorney general, the information the attorney general requires to compile the report required by Subsection (a).

(c) The attorney general shall de-identify protected health information from the individual to whom the information pertains before including the information in the report required by Subsection (a).

Comments

Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 6, eff. September 1, 2012.

Subchapter D

Sec. 181.151: Reidentified Information

A person may not reidentify or attempt to reidentify an individual who is the subject of any protected health information without obtaining the individual's consent or authorization if required under this chapter or other state or federal law.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001.

Sec. 181.152: Marketing Uses of Information

(a) A covered entity must obtain clear and unambiguous permission in written or electronic form to use or disclose protected health information for any marketing communication, except if the communication is:

(1) in the form of a face-to-face communication made by a covered entity to an individual;

(2) in the form of a promotional gift of nominal value provided by the covered entity;

(3) necessary for administration of a patient assistance program or other prescription drug savings or discount program; or

(4) made at the oral request of the individual.

(b) If a covered entity uses or discloses protected health information to send a written marketing communication through the mail, the communication must be sent in an envelope showing only the names and addresses of sender and recipient and must:

(1) state the name and toll-free number of the entity sending the marketing communication; and

(2) explain the recipient's right to have the recipient's name removed from the sender's mailing list.

(c) A person who receives a request under Subsection (b)(2) to remove a person's name from a mailing list shall remove the person's name not later than the 45th day after the date the person receives the request.

(d) A marketing communication made at the oral request of the individual under Subsection (a)(4) may be made only if clear and unambiguous oral permission for the use or disclosure of the protected health information is obtained. The marketing communication must be limited to the scope of the oral permission and any further marketing communication must comply with the requirements of this section.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001. Amended by Acts 2003, 78th Leg., ch. 924, Sec. 6, eff. Jan. 1, 2004.

Sec. 181.153: Sale of Protected Health Information Prohibited; Exceptions

(a) A covered entity may not disclose an individual's protected health information to any other person in exchange for direct or indirect remuneration, except that a covered entity may disclose an individual's protected health information:

(1) to another covered entity, as that term is defined by Section 181.001, or to a covered entity, as that term is defined by Section 602.001, Insurance Code, for the purpose of:

(A) treatment;

(B) payment;

(C) health care operations; or

(D) performing an insurance or health maintenance organization function described by Section 602.053, Insurance Code; or

(2) as otherwise authorized or required by state or federal law.

(b) The direct or indirect remuneration a covered entity receives for making a disclosure of protected health information authorized by Subsection (a)(1)(D) may not exceed the covered entity's reasonable costs of preparing or transmitting the protected health information.

Comments

Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 7, eff. September 1, 2012.

Sec. 181.154: Notice and Authorization Required for Electronic Disclosure of Protected Health Information; Exceptions

(a) A covered entity shall provide notice to an individual for whom the covered entity creates or receives protected health information if the individual's protected health information is subject to electronic disclosure. A covered entity may provide general notice by:

(1) posting a written notice in the covered entity's place of business;

(2) posting a notice on the covered entity's Internet website; or

(3) posting a notice in any other place where individuals whose protected health information is subject to electronic disclosure are likely to see the notice.

(b) Except as provided by Subsection (c), a covered entity may not electronically disclose an individual's protected health information to any person without a separate authorization from the individual or the individual's legally authorized representative for each disclosure. An authorization for disclosure under this subsection may be made in written or electronic form or in oral form if it is documented in writing by the covered entity.

(c) The authorization for electronic disclosure of protected health information described by Subsection (b) is not required if the disclosure is made:

(1) to another covered entity, as that term is defined by Section 181.001, or to a covered entity, as that term is defined by Section 602.001, Insurance Code, for the purpose of:

(A) treatment;

(B) payment;

(C) health care operations; or

(D) performing an insurance or health maintenance organization function described by Section 602.053, Insurance Code; or

(2) as otherwise authorized or required by state or federal law.

(d) The attorney general shall adopt a standard authorization form for use in complying with this section. The form must comply with the Health Insurance Portability and Accountability Act and Privacy Standards and this chapter.

(e) This section does not apply to a covered entity, as defined by Section 602.001, Insurance Code, if that entity is not a covered entity as defined by 45 C.F.R. Section 160.103.

Comments

Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 7, eff. September 1, 2012.

Subchapter E

Sec. 181.201: Injunctive Relief; Civil Penalty

(a) The attorney general may institute an action for injunctive relief to restrain a violation of this chapter.

(b) In addition to the injunctive relief provided by Subsection (a), the attorney general may institute an action for civil penalties against a covered entity for a violation of this chapter. A civil penalty assessed under this section may not exceed:

(1) $5,000 for each violation that occurs in one year, regardless of how long the violation continues during that year, committed negligently;

(2) $25,000 for each violation that occurs in one year, regardless of how long the violation continues during that year, committed knowingly or intentionally; or

(3) $250,000 for each violation in which the covered entity knowingly or intentionally used protected health information for financial gain.

(b-1) The total amount of a penalty assessed against a covered entity under Subsection (b) in relation to a violation or violations of Section 181.154 may not exceed $250,000 annually if the court finds that the disclosure was made only to another covered entity and only for a purpose described by Section 181.154(c) and the court finds that:

(1) the protected health information disclosed was encrypted or transmitted using encryption technology designed to protect against improper disclosure;

(2) the recipient of the protected health information did not use or release the protected health information; or

(3) at the time of the disclosure of the protected health information, the covered entity had developed, implemented, and maintained security policies, including the education and training of employees responsible for the security of protected health information.

(c) If the court in which an action under Subsection (b) is pending finds that the violations have occurred with a frequency as to constitute a pattern or practice, the court may assess a civil penalty not to exceed $1.5 million annually.

(d) In determining the amount of a penalty imposed under Subsection (b), the court shall consider:

(1) the seriousness of the violation, including the nature, circumstances, extent, and gravity of the disclosure;

(2) the covered entity's compliance history;

(3) whether the violation poses a significant risk of financial, reputational, or other harm to an individual whose protected health information is involved in the violation;

(4) whether the covered entity was certified at the time of the violation as described by Section 182.108;

(5) the amount necessary to deter a future violation; and

(6) the covered entity's efforts to correct the violation.

(e) The attorney general may institute an action against a covered entity that is licensed by a licensing agency of this state for a civil penalty under this section only if the licensing agency refers the violation to the attorney general under Section 181.202(2).

(f) The office of the attorney general may retain a reasonable portion of a civil penalty recovered under this section, not to exceed amounts specified in the General Appropriations Act, for the enforcement of this subchapter.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 8, eff. September 1, 2012.

Sec. 181.202: Disciplinary Action

In addition to the penalties prescribed by this chapter, a violation of this chapter by a covered entity that is licensed by an agency of this state is subject to investigation and disciplinary proceedings, including probation or suspension by the licensing agency. If there is evidence that the violations of this chapter are egregious and constitute a pattern or practice, the agency may:

(1) revoke the covered entity's license; or

(2) refer the covered entity's case to the attorney general for the institution of an action for civil penalties under Section 181.201(b).

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 9, eff. September 1, 2012.

Sec. 181.203: Exclusion from State Programs

In addition to the penalties prescribed by this chapter, a covered entity shall be excluded from participating in any state-funded health care program if a court finds the covered entity engaged in a pattern or practice of violating this chapter.

Comments

Added by Acts 2001, 77th Leg., ch. 1511, Sec. 1, eff. Sept. 1, 2001.

Sec. 181.205: Mitigation

(a) In an action or proceeding to impose an administrative penalty or assess a civil penalty for actions related to the disclosure of individually identifiable health information, a covered entity may introduce, as mitigating evidence, evidence of the entity's good faith efforts to comply with:

(1) state law related to the privacy of individually identifiable health information; or

(2) the Health Insurance Portability and Accountability Act and Privacy Standards.

(b) In determining the amount of a penalty imposed under other law in accordance with Section 181.202, a court or state agency shall consider the following factors:

(1) the seriousness of the violation, including the nature, circumstances, extent, and gravity of the disclosure;

(2) the covered entity's compliance history;

(3) whether the violation poses a significant risk of financial, reputational, or other harm to an individual whose protected health information is involved in the violation;

(4) whether the covered entity was certified at the time of the violation as described by Section 182.108;

(5) the amount necessary to deter a future violation; and

(6) the covered entity's efforts to correct the violation.

(c) On receipt of evidence under Subsections (a) and (b), a court or state agency shall consider the evidence and mitigate imposition of an administrative penalty or assessment of a civil penalty accordingly.

Comments

Added by Acts 2003, 78th Leg., ch. 924, Sec. 7, eff. Sept. 1, 2003.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 10, eff. September 1, 2012.

Sec. 181.206: Audits of Covered Entities

(a) The commission, in coordination with the attorney general and the Texas Department of Insurance:

(1) may request that the United States secretary of health and human services conduct an audit of a covered entity, as that term is defined by 45 C.F.R. Section 160.103, in this state to determine compliance with the Health Insurance Portability and Accountability Act and Privacy Standards; and

(2) shall periodically monitor and review the results of audits of covered entities in this state conducted by the United States secretary of health and human services.

(a-1) Notwithstanding Subsection (a), the commission shall also coordinate with the Texas Health Services Authority when requesting an audit or monitoring and reviewing the results of an audit under Subsection (a). This subsection expires September 1, 2021.

(b) If the commission has evidence that a covered entity has committed violations of this chapter that are egregious and constitute a pattern or practice, the commission may:

(1) require the covered entity to submit to the commission the results of a risk analysis conducted by the covered entity if required by 45 C.F.R. Section 164.308(a)(1)(ii)(A); or

(2) if the covered entity is licensed by a licensing agency of this state, request that the licensing agency conduct an audit of the covered entity's system to determine compliance with the provisions of this chapter.

(c) The commission annually shall submit to the appropriate standing committees of the senate and the house of representatives a report regarding the number of federal audits of covered entities in this state and the number of audits required under Subsection (b).

Comments

Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 11, eff. September 1, 2012.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 12 (S.B. 203), Sec. 2, eff. September 1, 2015.

Sec. 181.207: Funding

(a) The commission and the Texas Department of Insurance shall apply for and actively pursue available federal funding for enforcement of this chapter.

(b) Notwithstanding Subsection (a), the commission and the Texas Department of Insurance shall consult with the Texas Health Services Authority when applying for or pursuing federal funding under Subsection (a). This subsection expires September 1, 2021.

Comments

Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 11, eff. September 1, 2012.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 12 (S.B. 203), Sec. 3, eff. September 1, 2015.

Chapter 182

Subchapter A

Sec. 182.001: Purpose

This chapter establishes the Texas Health Services Authority as a public-private collaborative to implement the state-level health information technology functions identified by the Texas Health Information Technology Advisory Committee by serving as a catalyst for the development of a seamless electronic health information infrastructure to support the health care system in the state and to improve patient safety and quality of care.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Sec. 182.002: Definitions

In this chapter:

(1) "Board" means the board of directors of the corporation.

(2) "Corporation" means the Texas Health Services Authority.

(2-a) "Covered entity" has the meaning assigned by Section 181.001.

(3) "De-identified protected health information" means protected health information that is not individually identifiable health information as that term is defined by the privacy rule of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.

(3-a) "Disclose" has the meaning assigned by Section 181.001.

(3-b) "Health Insurance Portability and Accountability Act and Privacy Standards" has the meaning assigned by Section 181.001.

(4) "Individually identifiable health information" means individually identifiable health information as that term is defined by the privacy rule of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.

(5) "Physician" means:

(A) an individual licensed to practice medicine in this state under the authority of Subtitle B, Title 3, Occupations Code;

(B) a professional entity organized in conformity with Title 7, Business Organizations Code, and permitted to practice medicine under Subtitle B, Title 3, Occupations Code;

(C) a partnership organized in conformity with Title 4, Business Organizations Code, composed entirely of individuals licensed to practice medicine under Subtitle B, Title 3, Occupations Code;

(D) an approved nonprofit health corporation certified under Chapter 162, Occupations Code;

(E) a medical school or medical and dental unit, as defined or described by Section 61.003, 61.501, or 74.601, Education Code, that employs or contracts with physicians to teach or provide medical services or employs physicians and contracts with physicians in a practice plan; or

(F) an entity wholly owned by individuals licensed to practice medicine under Subtitle B, Title 3, Occupations Code.

(6) "Protected health information" means protected health information as that term is defined by the privacy rule of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 12, eff. September 1, 2012.

Sec. 182.004: Application of Sunset Act

The Texas Health Services Authority is subject to Chapter 325, Government Code (Texas Sunset Act). Unless continued in existence as provided by that chapter, the corporation is abolished and this section, Section 182.001, and Subchapters B and C expire September 1, 2027.

Comments

Added by Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 1, eff. September 1, 2019.

Subchapter B

Sec. 182.051: Texas Health Services Authority; Purpose

(a) The corporation is established to:

(1) promote, implement, and facilitate the voluntary and secure electronic exchange of health information; and

(2) create incentives to promote, implement, and facilitate the voluntary and secure electronic exchange of health information.

(b) The corporation is a public nonprofit corporation and, except as otherwise provided in this chapter, has all the powers and duties incident to a nonprofit corporation under the Business Organizations Code.

(c) The corporation is subject to state law governing nonprofit corporations, except that:

(1) the corporation may not be placed in receivership; and

(2) the corporation is not required to make reports to the secretary of state under Section 22.357, Business Organizations Code.

(d) Except as otherwise provided by law, all expenses of the corporation shall be paid from income of the corporation.

(e) The corporation is subject to Chapter 551, Government Code.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Sec. 182.053: Composition of Board of Directors

(a) The corporation is governed by a board of 12 directors appointed by the governor, with the advice and consent of the senate.

(b) The governor shall also appoint at least two ex officio, nonvoting members representing the health and human services agencies as state agency data resources.

(b-1) The governor shall appoint as a voting board member one individual who represents Texas local health information exchanges.

(c) The governor shall appoint as voting board members individuals who represent consumers, clinical laboratories, health benefit plans, hospitals, regional health information exchange initiatives, pharmacies, physicians, or rural health providers, or who possess expertise in any other area the governor finds necessary for the successful operation of the corporation.

(d) An individual may not serve on the board of the corporation if the individual serves on the board of any other governmental body in this state.

(e) Appointments to the board shall be made without regard to the race, color, disability, sex, religion, age, or national origin of the appointees.

(f) An individual may not serve on the board of the corporation, in any capacity, if the individual has made a gift or grant, in cash or in kind, to the corporation.

(g) An individual may not serve on the board of the corporation, in any capacity, if the individual is required to register as a lobbyist under Chapter 305, Government Code, because of the person's activities for compensation on behalf of a profession or entity that is engaged in the providing of health care, the review or analysis of health care, the payment for health care services or procedures, or the providing of information technology.

(h) In this section, "health and human services agencies" includes the:

(1) department;

(2) Department of Aging and Disability Services;

(3) Department of Assistive and Rehabilitative Services;

(4) Department of Family and Protective Services; and

(5) commission.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 1 (S.B. 219), Sec. 3.0524, eff. April 2, 2015.

Acts 2015, 84th Leg., R.S., Ch. 12 (S.B. 203), Sec. 7, eff. September 1, 2015.

Sec. 182.054: Terms of Office

Appointed members of the board serve two-year terms and may continue to serve until a successor has been appointed by the governor.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Sec. 182.055: Expenses

Members of the board serve without compensation but are entitled to reimbursement for actual and necessary expenses in attending meetings of the board or performing other official duties authorized by the presiding officer.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Sec. 182.056: Officers; Conflict of Interest

(a) The governor shall designate a member of the board as presiding officer to serve in that capacity at the pleasure of the governor.

(b) Any board member or a member of a committee formed by the board with direct interest in a matter, personally or through an employer, before the board shall abstain from deliberations and actions on the matter in which the conflict of interest arises and shall further abstain on any vote on the matter, and may not otherwise participate in a decision on the matter.

(c) Each board member shall file a conflict of interest statement and a statement of ownership interests with the board to ensure disclosure of all existing and potential personal interests related to board business.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Sec. 182.057: Prohibition on Certain Contracts and Employment

The board may not compensate, employ, or contract with any individual who serves as a member of the board or advisory council to any other governmental body, including any agency, council, or committee, in this state.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Sec. 182.058: Meetings

(a) The board may meet as often as necessary, but shall meet at least twice a year.

(b) The board shall develop and implement policies that provide the public with a reasonable opportunity to appear before the board and to speak on any issue under the authority of the corporation.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Sec. 182.059: Chief Executive Officer; Personnel

The board may hire a chief executive officer. Under the direction of the board, the chief executive officer shall perform the duties required by this chapter or designated by the board. The chief executive officer may hire additional staff to carry out the responsibilities of the corporation.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Sec. 182.060: Technology Policy

The board shall implement a policy requiring the corporation to use appropriate technological solutions to improve the corporation's ability to perform its functions. The policy must ensure that the public is able to interact with the corporation on the Internet.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Sec. 182.061: Liabilities of Authority

Liabilities created by the corporation are not debts or obligations of the state, and the corporation may not secure any liability with funds or assets of the state except as otherwise provided by law.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Sec. 182.062: Board Member Immunity

(a) A board member may not be held civilly liable for an act performed, or omission made, in good faith in the performance of the member's powers and duties under this chapter.

(b) A cause of action does not arise against a member of the board for an act or omission described by Subsection (a).

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Subchapter C

Sec. 182.101: General Powers and Duties

(a) The corporation may:

(1) establish statewide health information exchange capabilities, including capabilities for electronic laboratory results, diagnostic studies, and medication history delivery, and, where applicable, promote definitions and standards for electronic interactions statewide;

(2) seek funding to:

(A) implement, promote, and facilitate the voluntary exchange of secure electronic health information between and among individuals and entities that are providing or paying for health care services or procedures; and

(B) create incentives to implement, promote, and facilitate the voluntary exchange of secure electronic health information between and among individuals and entities that are providing or paying for health care services or procedures;

(3) establish statewide health information exchange capabilities for streamlining health care administrative functions including:

(A) communicating point of care services, including laboratory results, diagnostic imaging, and prescription histories;

(B) communicating patient identification and emergency room required information in conformity with state and federal privacy laws;

(C) real-time communication of enrollee status in relation to health plan coverage, including enrollee cost-sharing responsibilities; and

(D) current census and status of health plan contracted providers;

(4) support regional health information exchange initiatives by:

(A) identifying data and messaging standards for health information exchange;

(B) administering programs providing financial incentives, including grants and loans for the creation and support of regional health information networks, subject to available funds;

(C) providing technical expertise where appropriate;

(D) sharing intellectual property developed under Section 182.105;

(E) waiving the corporation's fees associated with intellectual property, data, expertise, and other services or materials provided to regional health information exchanges operated on a nonprofit basis; and

(F) applying operational and technical standards developed by the corporation to existing health information exchanges only on a voluntary basis, except for standards related to ensuring effective privacy and security of individually identifiable health information;

(5) identify standards for streamlining health care administrative functions across payors and providers, including electronic patient registration, communication of enrollment in health plans, and information at the point of care regarding services covered by health plans; and

(6) support the secure, electronic exchange of health information through other strategies identified by the board.

(b) Repealed by Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2, eff. September 1, 2019.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Amended by:

Acts 2009, 81st Leg., R.S., Ch. 87 (S.B. 1969), Sec. 12.003, eff. September 1, 2009.

Acts 2015, 84th Leg., R.S., Ch. 12 (S.B. 203), Sec. 8, eff. September 1, 2015.

Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2(3), eff. September 1, 2019.

Sec. 182.102: Prohibited Acts

(a) The corporation has no authority and shall not engage in any of the following:

(1) the collection and analysis of clinical data;

(2) the comparison of physicians to other physicians, including comparisons to peer group physicians, physician groups, and physician teams, and to national specialty society adopted quality measurements;

(3) the creation of a tool to measure physician performance compared to:

(A) peer group physicians on state and specialty levels; or

(B) objective standards;

(4) the providing of access to aggregated, de-identified protected health information to local health information exchanges and other users of quality care studies, disease management and population health assessments;

(5) providing to public health programs trended, aggregated, de-identified protected health information to help assess the health status of populations and the providing of regular reports of trends and important incidence of events to public health avenues for intervention, education, and prevention programs; or

(6) the creation of evidence-based standards for the practice of medicine.

(b) The corporation has no authority and shall not disseminate information, in any manner, to the public that compares, rates, tiers, classifies, measures, or ranks a physician's performance, efficiency, or quality of practice.

(c) Repealed by Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2, eff. September 1, 2019.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 12 (S.B. 203), Sec. 9, eff. September 1, 2015.

Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2(4), eff. September 1, 2019.

Sec. 182.103: Privacy of Information

(a) Protected health information and individually identifiable health information collected, assembled, or maintained by the corporation is confidential and is not subject to disclosure under Chapter 552, Government Code.

(b) The corporation shall comply with all state and federal laws and rules relating to the transmission of health information, including Chapter 181, and rules adopted under that chapter, and the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191) and rules adopted under that Act.

(c) The corporation shall develop privacy, security, operational, and technical standards to assist health information networks in the state to ensure effective statewide privacy, data security, efficiency, and interoperability across networks. The network's standards shall be guided by reference to the standards of the Certification Commission for Healthcare Information Technology or the Health Information Technology Standards Panel, or other federally approved certification standards, that exist on May 1, 2007, as to the process of implementation, acquisition, upgrade, or installation of electronic health information technology.

(d) Repealed by Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2, eff. September 1, 2019.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 1 (S.B. 219), Sec. 3.0525, eff. April 2, 2015.

Acts 2015, 84th Leg., R.S., Ch. 12 (S.B. 203), Sec. 10, eff. September 1, 2015.

Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2(5), eff. September 1, 2019.

Sec. 182.104: Security Compliance

(a) The corporation shall:

(1) establish appropriate security standards to protect both the transmission and the receipt of individually identifiable health information or health care data;

(2) establish appropriate security standards to protect access to any individually identifiable health information or health care data collected, assembled, or maintained by the corporation;

(3) establish the highest levels of security and protection for access to and control of individually identifiable health information, including mental health care data and data relating to specific disease status, that is governed by more stringent state or federal privacy laws; and

(4) establish policies and procedures for the corporation for taking disciplinary actions against a board member, employee, or other person with access to individually identifiable health care information that violates state or federal privacy laws related to health care information or data maintained by the corporation.

(b) Repealed by Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2, eff. September 1, 2019.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 12 (S.B. 203), Sec. 11, eff. September 1, 2015.

Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2(6), eff. September 1, 2019.

Sec. 182.105: Intellectual Property

(a) The corporation shall take commercially reasonable measures to protect its intellectual property, including obtaining patents, trademarks, and copyrights where appropriate.

(b) Repealed by Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2, eff. September 1, 2019.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 12 (S.B. 203), Sec. 12, eff. September 1, 2015.

Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2(7), eff. September 1, 2019.

Sec. 182.106: Annual Report

(a) The corporation shall submit an annual report to the governor, the lieutenant governor, the speaker of the house of representatives, and the appropriate oversight committee in the senate and the house of representatives. The annual report must include financial information and a progress update on the corporation's efforts to carry out its mission.

(b) Repealed by Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2, eff. September 1, 2019.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 12 (S.B. 203), Sec. 13, eff. September 1, 2015.

Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2(8), eff. September 1, 2019.

Sec. 182.107: Funding

(a) The corporation may be funded through the General Appropriations Act and may request, accept, and use gifts and grants as necessary to implement its functions.

(b) The corporation may assess transaction, convenience, or subscription fees to cover costs associated with implementing its functions. All fees must be voluntary but receipt of services provided by the corporation may be conditioned on payment of fees.

(c) The corporation may participate in other revenue-generating activities that are consistent with the corporation's purposes.

(d) Repealed by Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2, eff. September 1, 2019.

Comments

Added by Acts 2007, 80th Leg., R.S., Ch. 845 (H.B. 1066), Sec. 1, eff. June 15, 2007.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 12 (S.B. 203), Sec. 14, eff. September 1, 2015.

Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2(9), eff. September 1, 2019.

Sec. 182.108: Standards for Electronic Sharing of Protected Health Information; Covered Entity Certification

(a) The corporation shall develop and submit to the commission for ratification privacy and security standards for the electronic sharing of protected health information.

(b) The commission shall review and the executive commissioner by rule shall adopt acceptable standards submitted for ratification under Subsection (a).

(c) Standards adopted under Subsection (b) must be designed to:

(1) comply with the Health Insurance Portability and Accountability Act and Privacy Standards and Chapter 181;

(2) comply with any other state and federal law relating to the security and confidentiality of information electronically maintained or disclosed by a covered entity;

(3) ensure the secure maintenance and disclosure of personally identifiable health information;

(4) include strategies and procedures for disclosing personally identifiable health information; and

(5) support a level of system interoperability with existing health record databases in this state that is consistent with emerging standards.

(d) The corporation shall establish a process by which a covered entity may apply for certification by the corporation of a covered entity's past compliance with standards adopted under Subsection (b).

(e) The corporation shall publish the standards adopted under Subsection (b) on the corporation's Internet website.

(f) Repealed by Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2, eff. September 1, 2019.

Comments

Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 13, eff. September 1, 2012.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 1 (S.B. 219), Sec. 3.0526, eff. April 2, 2015.

Acts 2015, 84th Leg., R.S., Ch. 12 (S.B. 203), Sec. 15(a), eff. September 1, 2015.

Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 2(10), eff. September 1, 2019.

Acts 2019, 86th Leg., R.S., Ch. 1169 (H.B. 3304), Sec. 3, eff. September 1, 2019.

Subchapter D

Sec. 182.151: Definition

In this subchapter, "health information exchange" means an organization that:

(1) assists in the transmission or receipt of health-related information among organizations transmitting or receiving the information according to nationally recognized standards and under an express written agreement with the organizations;

(2) as a primary business function, compiles or organizes health-related information designed to be securely transmitted by the organization among physicians, other health care providers, or entities within a region, state, community, or hospital system; or

(3) assists in the transmission or receipt of electronic health-related information among physicians, other health care providers, or entities within:

(A) a hospital system;

(B) a physician organization;

(C) a health care collaborative, as defined by Section 848.001, Insurance Code;

(D) an accountable care organization participating in the Pioneer Model under the initiative by the Innovation Center of the Centers for Medicare and Medicaid Services; or

(E) an accountable care organization participating in the Medicare Shared Savings Program under 42 U.S.C. Section 1395jjj.

Comments

Added by Acts 2015, 84th Leg., R.S., Ch. 1085 (H.B. 2641), Sec. 11, eff. September 1, 2015.

Sec. 182.152: Authority of Health Information Exchange

(a) Notwithstanding Sections 81.046, 82.009, 161.0073, and 161.008, a health information exchange may access and transmit health-related information under Sections 81.044(a), 82.008(a), 161.007(d), 161.00705(a), 161.00706(b), and 161.008(i) if the access or transmittal is:

(1) made for the purpose of assisting in the reporting of health-related information to the appropriate agency;

(2) requested and authorized by the appropriate health care provider, practitioner, physician, facility, clinical laboratory, or other person who is required to report health-related information;

(3) made in accordance with the applicable consent requirements for the immunization registry under Subchapter A, Chapter 161, if the information being accessed or transmitted relates to the immunization registry; and

(4) made in accordance with the requirements of this subchapter and all other state and federal law.

(b) A health information exchange may only use and disclose the information that it accesses or transmits under Subsection (a) in compliance with this subchapter and all applicable state and federal law, and may not exchange, sell, trade, or otherwise make any prohibited use or disclosure of the information.

Comments

Added by Acts 2015, 84th Leg., R.S., Ch. 1085 (H.B. 2641), Sec. 11, eff. September 1, 2015.

Sec. 182.153: Compliance with Law; Security

A health information exchange that collects, transmits, disseminates, accesses, or reports health-related information under this subchapter shall comply with all applicable state and federal law, including secure electronic data submission requirements.

Comments

Added by Acts 2015, 84th Leg., R.S., Ch. 1085 (H.B. 2641), Sec. 11, eff. September 1, 2015.

Sec. 182.154: Criminal Penalty

(a) A person who collects, transmits, disseminates, accesses, or reports information under this subchapter on behalf of or as a health information exchange commits an offense if the person, with the intent to violate this subchapter, allows health-related information in the possession of a health information exchange to be used or disclosed in a manner that violates this subchapter.

(b) An offense under this section is a Class A misdemeanor.

Comments

Added by Acts 2015, 84th Leg., R.S., Ch. 1085 (H.B. 2641), Sec. 11, eff. September 1, 2015.

Sec. 182.155: Immunities and Defenses Continued

Collecting, transmitting, disseminating, accessing, or reporting information through a health information exchange does not alone deprive a physician or health care provider of an otherwise applicable immunity or defense.

Comments

Added by Acts 2015, 84th Leg., R.S., Ch. 1085 (H.B. 2641), Sec. 11, eff. September 1, 2015.