The Texas Medical Records Privacy Act, also known as Texas House Bill 300, passed in 2011 and was put into effect in late 2012. The purpose of this law was to ramp up protection for patients in Texas. It aimed to work in conjunction with federal HIPAA privacy protections to ensure that patients' medical records are as safeguarded as possible. This bill added new levels and restrictions to the existing protections.
The Texas Medical Records Privacy Act focuses on the storage and treatment of consumers' protected health information, abbreviated as PHI. The act addressed the genesis of electronic health records (EHRs) and how doctors, administrations, and others involved in the healthcare industry should treat them.
Goals of the Texas Medical Records Privacy Act
The Texas Medical Records Privacy Act focused on a few main goals:
Expand "covered entities" — The Texas Medical Records Privacy Act expanded the definition of "covered entities" to include any individual or firm that comes into contact with patient health information, rather than just health care plans and providers like under HIPAA regulations. This means that many more organizations, such as law firms, accounting firms, auditing firms, and storage companies, will be subject to these policies.
Require employee training — Texas House Bill 300 requires employee training of all personnel involved in the handling of PHI. This training must be renewed every 2 years. This requirement is beneficial for doctors because fully informed employees means there will be less negligence from exposure of sensitive, private health information.
Increase penalties — Covered entities which do not treat patient health information properly, by using or disclosing records in wrongful ways, can be both civilly and criminally prosecuted. Penalties will be determined based on five criteria:
- the seriousness of the violation
- the entity's history of compliance
- the level of risk to the patient
- the penalty necessary to deter future violations
- the entity's effort to amend the violation.
Strengthen patient rights — One of the hallmark aspects of the Texas Medical Records Privacy Act is the power it gives to patients. Patients reserve the right to access and amend all medical information. More than that, covered entities often need to obtain patient authorization before using or disclosing health records. As a provider, ensuring this protection is vital to maintaining the trust and intimacy inherent in doctor-patient relationships due to the sensitive nature of medical information.
Effects of the Privacy Act
Overall, the Texas Medical Records Privacy act expands the protection of patient health information significantly, as well as the regulation of the entities that are at all involved with it. This aims to increase accountability among organizations that deal with patients' medical records. The most influential part of this law for doctors is the greater access and control of medical records given to patients.
Being aware of the different facets of new policies influencing the health sector can only be beneficial for physicians. In particular, the Texas Medical Records Privacy Act, which includes even more stringent requirements than federal HIPAA regulations for patient privacy, should be understood fully by Texas physicians.
Though ensuring patient protection under these laws requires more proactive, mindful action on the part of physicians, these policies are significant in safeguarding the rights of patients and the sensitive, vulnerable doctor-patient relationship.