Texas HB300 – Going Beyond the Privacy Rights of HIPAA/HITECH

Do you know what today is?  The day that Texas HB300 takes effect.

Texans say that everything is bigger in their state.  It’s certainly true of privacy laws.  Texas has some of the broadest – and strictest – privacy laws in the nation.  HB300 expands privacy rights beyond HIPAA and HITECH.  Just look at the bullet points:

  • Increases the PHI security training required of covered entities, and imposes a 60-day deadline for training new employees and mandatory employee retraining every 2 years
  • Requires that healthcare providers give patients an electronic copy of their EHR
  • Increases penalties for wrongful disclosure of PHI
  • Requires any healthcare provider doing business in Texas to notify patients in the case of a breach

Regulatory sticks also seem to be bigger in Texas.  Check out these civil penalties for privacy violations:

  • Up to $5,000 per violation for negligent violations
  • Up to $25,000 per violation for knowing and intentional violations
  • Up to $250,000 per violation for intentionally using PHI for financial gain
  • Up to $1.5 million per year for a pattern or practice of violations

Texas HB300 is part of a trend in information security regulation, where states go above and beyond federal legislation such as HIPAA, HITECH, FISMA, and the like.  It’s more important than ever to understand state compliance.  Is your business compliant with state information security regulations?