Our HIPAA auditors are compliance experts. The Texas Medical Privacy Law (Texas H.B. 300) contains State-specific guidelines and requirements for covered entities with increased penalties for non-compliance. Don't wait until a breach happens to find out if you're prepared. We'll assess your organization's policies, protocols, and procedures and provide detailed documentation with recommendations on how to be fully compliant.
What are the requirements of HB300 compliance?
We recommend that everyone familiarize themselves with the Texas HB300 document or hire a compliance vendor such as ourselves. However, here are the general requirements:
- Be familiar with the guidelines for protecting PHI and how to implement them throughout your organization to protect patient privacy.
- Ensure that your systems are secure for both maintaining and disclosing PHI.
- Know the specifics of how to report breaches, which differ between H.B. 300 and HIPAA.
- New employees must be trained on patient privacy policy and practices within 60 days of being hired.
- Proof of training on PHI, EHR and ePHI for H.B. 300 must be kept in the form of a certificate for each employee.
- Your employees must be retrained on the above at least every two years.
- A file should be kept of written office protocols relating to PHI, HITECH Law, and ePHI.
- Health care providers must provide a person's health care record within 15 days of their request.
What is a Covered Entity?
Under Texas HB300, you are considered a covered entity if:
- You engage in the practice of assembling, collecting, analyzing, storing or transmitting PHI
- You come into the possession of PHI
- You obtain or store PHI
- You are an employee, agent, or contractor of a person described above who is maintaining, using, transmitting, receiving, obtaining, or creating PHI
How much are HB300 fines?
This law contains much more severe civil and criminal penalties enforced by the Texas Attorney General. Depending on the nature of the disclosure (pattern or practice vs. accidental), fines can be anywhere from $5,000 to $1.5M for each violation that occurs in that year and are in addition to any penalties levied by the Federal Government under HIPAA or HITECH.