Sec. 181.205: Mitigation

(a) In an action or proceeding to impose an administrative penalty or assess a civil penalty for actions related to the disclosure of individually identifiable health information, a covered entity may introduce, as mitigating evidence, evidence of the entity's good faith efforts to comply with:

(1) state law related to the privacy of individually identifiable health information; or

(2) the Health Insurance Portability and Accountability Act and Privacy Standards.

(b) In determining the amount of a penalty imposed under other law in accordance with Section 181.202, a court or state agency shall consider the following factors:

(1) the seriousness of the violation, including the nature, circumstances, extent, and gravity of the disclosure;

(2) the covered entity's compliance history;

(3) whether the violation poses a significant risk of financial, reputational, or other harm to an individual whose protected health information is involved in the violation;

(4) whether the covered entity was certified at the time of the violation as described by Section 182.108;

(5) the amount necessary to deter a future violation; and

(6) the covered entity's efforts to correct the violation.

(c) On receipt of evidence under Subsections (a) and (b), a court or state agency shall consider the evidence and mitigate imposition of an administrative penalty or assessment of a civil penalty accordingly.


Added by Acts 2003, 78th Leg., ch. 924, Sec. 7, eff. Sept. 1, 2003.

Amended by:

Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 10, eff. September 1, 2012.