Protected Health Information (House Bill 300)

Health & Safety Code Chapter 181

Texas House Bill 300, added the following requirements to state law for protecting patient records. The definition of covered entity in the statute is very broad, and could include every optometrist’s office. The law, Chapter 181 of the Texas Health and Safety Code, has these requirements:

  • Doctors must provide training for staff w/i 90 days of hire and whenever a change in the law affects the employee’s duties (Sec. 181.101)
  • Doctors must provide patient records w/i 15 days of a request if the request is for electronic records (Sec. 181.102)
  • Doctors must obtain authorization and provide notice for electronic disclosure unless disclosure is for listed exceptions (Sec. 181.154)

Note that these requirements are in addition to the federal HIPAA requirements. The Texas Attorney General is authorized to enforce the federal and state requirements. The Optometry Board has the authority to enforce, through disciplinary action, the law.

Doctors should also be aware that their office, as with any other business in Texas, has additional responsibilities to protect other sensitive information, including social security numbers and driver’s license numbers (Business and Commerce Code). State law also requires a business to give notice to all customers if there has been a breach of computer security. (Business and Commerce Code). Substantial penalties are possible if the requirements of the law are not met.

Authorization Form To Disclose Protected Health Information

The Texas Health & Safety Code Section 181.154(d) requires the Attorney General to develop a form that may be used to authorize the release of protected health information.