Sec. 181.206: Audits of Covered Entities

(a) The commission, in coordination with the attorney general and the Texas Department of Insurance:

(1) may request that the United States secretary of health and human services conduct an audit of a covered entity, as that term is defined by 45 C.F.R. Section 160.103, in this state to determine compliance with the Health Insurance Portability and Accountability Act and Privacy Standards; and

(2) shall periodically monitor and review the results of audits of covered entities in this state conducted by the United States secretary of health and human services.

(a-1) Notwithstanding Subsection (a), the commission shall also coordinate with the Texas Health Services Authority when requesting an audit or monitoring and reviewing the results of an audit under Subsection (a). This subsection expires September 1, 2021.

(b) If the commission has evidence that a covered entity has committed violations of this chapter that are egregious and constitute a pattern or practice, the commission may:

(1) require the covered entity to submit to the commission the results of a risk analysis conducted by the covered entity if required by 45 C.F.R. Section 164.308(a)(1)(ii)(A); or

(2) if the covered entity is licensed by a licensing agency of this state, request that the licensing agency conduct an audit of the covered entity's system to determine compliance with the provisions of this chapter.

(c) The commission annually shall submit to the appropriate standing committees of the senate and the house of representatives a report regarding the number of federal audits of covered entities in this state and the number of audits required under Subsection (b).


Added by Acts 2011, 82nd Leg., R.S., Ch. 1126 (H.B. 300), Sec. 11, eff. September 1, 2012.

Amended by:

Acts 2015, 84th Leg., R.S., Ch. 12 (S.B. 203), Sec. 2, eff. September 1, 2015.