The Texas Medical Privacy Act went into effect September 1, 2012. It is the broadest and the toughest of such laws in the nation. It increases the requirements beyond those in HIPAA for organizations that are already covered entities (CEs), greatly expands the number and type of Texas-based CEs required to comply with the privacy standards in HIPAA, and adds many requirements of its own (breach notification of electronic PHI and penalties for violations).
The new Texas law applies to everyone who touches Personal Health Information (PHI) and will have a big impact on entities that get PHI but aren’t technically business associates (BAs). These entities must comply with HIPAA restrictions on use and disclosure.
The biggest impact on CEs and BAs:
- Shorter timeframes for giving access to records
- Training requirement – all employees are to be trained within 60 days of hire or within the last 2 years. You are already in violation if you have not trained employees in the last 2 years.
Contact Ann Deen at firstname.lastname@example.org to learn how to become compliant.