(a) A covered entity that electronically exchanges,
uses, or discloses PHI, at a minimum, must comply with the following
standards for confidential information in any form, to the extent
applicable:
(1) HIPAA Privacy, Security and Breach Notification
Regulations;
(2) the Texas Medical Records Privacy Act, Chapter
181 of the Texas Health and Safety Code;
(3) the Texas Identity Theft Act, Chapter 521 of the
Texas Business and Commerce Code; and
(4) any other applicable state or federal law or regulation
that requires that confidential information be safeguarded, used,
or disclosed only for authorized purposes by authorized users, including
without limitation:
(A) requirements applicable to the following specific
types of data:
(i) Cancer: Texas Health and Safety Code §82.008
and §82.009; Title 25 Texas Administrative Code (TAC) §91.9
(relating to Confidentiality and Disclosure);
(ii) HIV/AIDS: Texas Health and Safety Code §81.103,
HIV/AIDS Test Results, and 40 TAC §8.288 (relating to Confidentiality
of Test Results);
(iii) Genetic: Genetic Information Nondiscrimination
Act of 2008 (GINA) Pub. L. No. 110-233 and applicable regulations
promulgated under that act; Texas Insurance Code, Chapter 546, Subchapter
C; Texas Labor Code §21.403 and §21.404; Texas Occupations
Code, Chapter 58;
(iv) Sexual assault: Texas Health and Safety Code,
Chapter, 44, Subchapter C;
(v) Communicable diseases: Texas Health and Safety
Code §81.046; 25 TAC §97.10 (relating to Confidential Nature
of Case Reporting and Records);
(vi) Mental health: Texas Health and Safety Code, Chapter
611, Mental Health Records/Substance Abuse Records;
(vii) Substance abuse or substance use disorder: 42
CFR Part 2, Confidentiality of Alcohol and Drug Abuse Patient Records;
Texas Health and Safety Code, Chapter 611, Mental Health Records/Substance
Abuse Records;
(viii) Immunizations: Texas Health and Safety Code §161.0073
and §161.009; 25 TAC §100.2 (relating to Confidentiality);
(ix) Bureau of Vital Statistics: Texas Government Code §552.115;
Texas Health and Safety Code Chapters 192 and 193, §195.005;
25 TAC Chapter 181 (relating to Vital Statistics);
(x) Reports of abuse or neglect: Texas Human Resources
Code, Chapter 48, Report of Abuse or Neglect of Elderly or Disabled
Persons; Texas Health and Safety Code §161.132; Family Code Chapter
261, Reports of Child Abuse;
(xi) Federal tax information: Internal Revenue Code,
Title 26, 26 U.S.C. §6103; IRS Publication 1075;
(xii) Social Security Administration data: 42 U.S.C. §1306,
20 CFR Part 401;
(xiii) Occupational diseases: Texas Health and Safety
Code §84.006; 25 TAC §99.1 (relating to General Provisions);
(xiv) Family planning: 25 TAC §56.11 (relating
to Confidentiality); and
(xv) Recipients of government benefits: requirements
for use of disclosure of client information about or concerning recipients
of government benefits such as Medicaid, the Supplemental Nutrition
Assistance Program (SNAP), Temporary Assistance for Needy Families
(TANF), or the Children's Health Insurance Program (CHIP), by HHSC
or its designee(s), third party, or business associate: 7 CFR §272
(SNAP); 45 CFR §205.50 (TANF); 42 CFR §§431.300 et
seq. (Medicaid); 42 CFR §457.1110 (CHIP);
(B) requirements applicable to data held by the following
specific types of providers, facilities, and services:
(i) Hospitals: Texas Health and Safety Code, Chapter
241, Subchapter G, Hospital Disclosures of Health Care Information;
25 TAC §133.42 (relating to Patient Rights);
(ii) Nursing facilities: Texas Health and Safety Code,
Chapter 242, §242.134 and §242.501(8), Nursing Home Resident
Rights; 40 TAC §19.407 (relating to Privacy and Confidentiality);
(iii) Intermediate care facilities for persons with
an intellectual disability or related conditions (ICF/IID): Texas
Health and Safety Code, Chapter 252, §252.126 and §252.134;
(iv) Freestanding emergency medical care facilities:
Texas Health and Safety Code Chapter 254; 25 TAC §131.53 (relating
to Medical Records);
(v) Ambulatory surgical centers: Texas Health and Safety
Code, Chapter 243, 25 TAC §135.5 (relating to Patient Rights);
(vi) Emergency medical services: Texas Health and Safety
Code, Chapter 773, §§773.079 - 773.096; 25 TAC §157.11
(relating to Requirements for an EMS Provider License);
(vii) Physicians: Texas Occupations Code, Chapter 159,
Physician-Patient Communication;
(viii) Chiropractors: Texas Occupations Code §§201.402
- 201.405, Chiropractor-Patient Confidentiality;
(ix) Dentists: Texas Occupations Code §§258.051
et seq., Dental-Patient Confidentiality;
(x) Labs: Clinical Laboratory Improvement Amendments
(CLIA) (1988); 42 CFR §493.1291;
(xi) Pharmacists: Texas Occupations Code, Chapter 562, §562.052,
Confidential Records of Pharmacists;
(xii) Podiatrists: Texas Occupations Code, Chapter
202, Subchapter I, §§202.401 et seq., Podiatrist Privilege
and Confidentiality;
(xiii) Personal health record vendors: Health Breach
Notification Rule for Vendors of Personal Health Records, 16 CFR Part
318;
(xiv) End stage renal disease facilities: Texas Health
and Safety Code §251.011; 25 TAC §117.42 (relating to Patient
Rights);
(xv) Special care facilities (AIDS): 25 TAC §125.33
(relating to Resident Rights);
(xvi) Private psychiatric hospitals and crisis stabilization
units: Texas Health and Safety Code §577.013: 25 TAC Chapter
134 (relating to Private Psychiatric Hospitals and Crisis Stabilization
Units);
(xvii) Birthing centers: 25 TAC §137.53 (relating
to Clinical Records);
(xviii) Applicable health professions regulated by
25 TAC Chapter 140 (relating to Health Professions Regulation) confidentiality
requirements under 25 TAC Chapter 140 or other applicable law for,
such as:
(I) licensed chemical dependency counselors and treatment
facilities, Texas Occupations Code §504.251; 25 TAC §140.424
(relating to Standards for Private Practice); Texas Health and Safety
Code, Chapter 464; 25 TAC Chapter 448 (relating to Standard of Care);
(II) medical radiologic technologists, 25 TAC §140.514
(relating to Disciplinary Actions);
(III) dyslexia therapists and dyslexia practitioners,
25 TAC §140.586 (relating to Code of Ethics; Duties and Responsibilities
of License Holders); and
(IV) promotores or community health workers: 25 TAC §146.11
(relating to Professional and Ethical Standards); and
(C) requirements applicable to data about the following
specific types of individuals:
(i) Minors: Texas Family Code §§32.003, 32.004,
151.003, 153.073, 153.074, and 153.132; Texas Occupations Code §159.005;
Texas Civil Practice and Remedies Code §129.001;
(ii) Children with Special Health Care Needs Services
Program: 25 TAC §38.5 (relating to Rights and Responsibilities
of a Client's Parents, Foster Parents, Guardian, or Managing Conservator,
or an Adult Client); and
(iii) Early and Periodic Screening, Diagnosis, and
Treatment: 25 TAC §33.30 (relating to Confidentiality of Records).
(b) These standards do not apply to de-identified information.
|