Complying With Texas' New Health Care Privacy Law

Hardly a week goes by without a major announcement of a data breach, particularly one involving a health care entity. While most health care entities are aware of HIPAA and take steps to comply, it is increasingly obvious that the requirements of HIPAA are not always clear, and the proper method for complying with HIPAA might not be obvious. Additionally, HIPAA changes regularly, with new regulations and interpretations.

In Texas, health care entities (and non-health care entities who deal with medical information) cannot simply rely on their efforts to comply with HIPAA as being sufficient. Specifically, the Texas legislature, responding to anecdotal evidence of rampant health information insecurity, has passed House Bill 300, which imposes new obligations and greater penalties on Texas entities that handle health care information. Entities that are not even subject to HIPAA will find themselves subject to the Texas law, and many will be caught unaware of the obligations they have failed to keep. Compliance with House Bill 300 will not be particularly difficult, unless the entity is unaware of its obligations.

This OnDemand Webinar will outline the HIPAA and House Bill 300 obligations on Texas entities, and provide practical advice to a wide range of entities on how to comply with these disparate obligations.

Authors

Agenda

HIPAA's Basic Requirements

• Who Is Covered
• Basic Privacy and Security Requirements
• Administrative Requirements
• Enforcement

States Develop Data Breach Rules

• California Starts the Trend
• The Texas Data Breach Notification Rule

- PHI Included by Definition

• Massachusetts Encryption Requirements

Texas-Style HIPAA

• Original Statute: HIPAA Redux
• Initial Revisions: Mainly Marketing
• HB 300: Fear Factor

- A Different Type of Covered Entity

- Training

- EHR Controls

Additional Formats