GovInfoSecurity reports on a new privacy law concerning medical data in Texas:
Republican Lois Kolkhorst, a sponsor of the law, says the legislation was motivated primarily by recognition that electronic health records and the exchange of health data are becoming more common in light of the HITECH Act’s federal EHR incentive program. The federal funding for automating and exchanging records “was really the egg cracking wide open,” she says. […]
The new law, which goes into effect in September 2012, establishes what amounts to an infrastructure for state oversight of healthcare privacy and enforcement of guidelines, complete with tougher civil penalties for violations, [Lynn Sessions of the law firm Baker Hostetler] explains. […]
Among the new law’s provisions are:
- An explicit ban on selling personal health information for a profit. […]
- A requirement that all covered entities, as defined under state law, comply with HIPAA. Texas law already defines “covered entities” much more broadly than HIPAA, applying the term to any organization that handles health information. […]
- A provision that healthcare providers must provide patients, upon request, with an electronic copy of their records within 15 business days.
- Creation by the attorney general of a system for receiving complaints as well as a website with detailed information on consumers’ healthcare privacy rights under state and federal law.
- Creation by a state commission of privacy and security standards for electronic sharing of protected health information.