1-1 AN ACT
1-2 relating to protecting the privacy of medical records; providing
1-3 penalties.
1-4 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
1-5 SECTION 1. Title 2, Health and Safety Code, is amended by
1-6 adding Subtitle I to read as follows:
1-7 SUBTITLE I. MEDICAL RECORDS
1-8 CHAPTER 181. MEDICAL RECORDS PRIVACY
1-9 SUBCHAPTER A. GENERAL PROVISIONS
1-10 Sec. 181.001. DEFINITIONS. (a) Unless otherwise defined in
1-11 this chapter, each term that is used in this chapter has the
1-12 meaning assigned by the Health Insurance Portability and
1-13 Accountability Act and Privacy Standards.
1-14 (b) In this chapter:
1-15 (1) "Covered entity" means any person who:
1-16 (A) for commercial, financial, or professional
1-17 gain, monetary fees, or dues, or on a cooperative, nonprofit, or
1-18 pro bono basis, engages, in whole or in part, and with real or
1-19 constructive knowledge, in the practice of assembling, collecting,
1-20 analyzing, using, evaluating, storing, or transmitting protected
1-21 health information. The term includes a business associate, health
1-22 care payer, governmental unit, information or computer management
1-23 entity, school, health researcher, health care facility, clinic,
1-24 health care provider, or person who maintains an Internet site;
1-25 (B) comes into possession of protected health
2-1 information;
2-2 (C) obtains or stores protected health
2-3 information under this chapter; or
2-4 (D) is an employee, agent, or contractor of a
2-5 person described by Paragraph (A), (B), or (C) insofar as the
2-6 employee, agent, or contractor creates, receives, obtains,
2-7 maintains, uses, or transmits protected health information.
2-8 (2) "Health care operations" has the meaning assigned
2-9 by the Health Insurance Portability and Accountability Act and
2-10 Privacy Standards. The term does not include marketing as
2-11 described in 45 C.F.R. Section 164.514(e) and any subsequent
2-12 amendments.
2-13 (3) "Health Insurance Portability and Accountability
2-14 Act and Privacy Standards" means the privacy requirements of the
2-15 Administrative Simplification subtitle of the Health Insurance
2-16 Portability and Accountability Act of 1996 (Pub. L. No. 104-191)
2-17 and the final rules adopted on December 28, 2000, and published at
2-18 65 Fed. Reg. 82798 et seq., and any subsequent amendments.
2-19 (4) "Marketing" means the promotion or advertisement,
2-20 by a covered entity, of specific products or services if the
2-21 covered entity receives, directly or indirectly, a financial
2-22 incentive or remuneration for the use, access, or disclosure of
2-23 protected health information. Marketing does not include a
2-24 communication for treatment or health care operations by a health
2-25 care provider, health plan, or participants in an organized health
2-26 care arrangement or their affiliated covered entities or business
3-1 associates.
3-2 (5) "Protected health information" means individually
3-3 identifiable health information, including demographic information
3-4 collected from an individual, that:
3-5 (A) relates to:
3-6 (i) the past, present, or future physical
3-7 or mental health or condition of an individual;
3-8 (ii) the provision of health care to an
3-9 individual; or
3-10 (iii) the past, present, or future payment
3-11 for the provision of health care to an individual; and
3-12 (B) identifies the individual or with respect to
3-13 which there is a reasonable basis to believe the information can be
3-14 used to identify the individual.
3-15 Sec. 181.002. APPLICABILITY. (a) This chapter does not
3-16 affect the validity of another statute of this state that provides
3-17 greater confidentiality for information made confidential by this
3-18 chapter.
3-19 (b) To the extent that this chapter conflicts with another
3-20 law with respect to protected health information collected by a
3-21 governmental body or unit, this chapter controls.
3-22 Sec. 181.003. SOVEREIGN IMMUNITY. This chapter does not
3-23 waive sovereign immunity to suit or liability.
3-24 Sec. 181.004. RULES. A state agency that licenses or
3-25 regulates a covered entity may adopt rules as necessary to carry
3-26 out the purposes of this chapter.
4-1 (Sections 181.005-181.050 reserved for expansion
4-2 SUBCHAPTER B. EXEMPTIONS
4-3 Sec. 181.051. PARTIAL EXEMPTION. Except for Subchapter D,
4-4 this chapter does not apply to:
4-5 (1) a licensee as defined in Article 28B.01, Insurance
4-6 Code;
4-7 (2) an entity established under Article 5.76-3,
4-8 Insurance Code; or
4-9 (3) an employer.
4-10 Sec. 181.052. PROCESSING PAYMENT TRANSACTIONS BY FINANCIAL
4-11 INSTITUTIONS. (a) In this section, "financial institution" has
4-12 the meaning assigned by Section 1101, Right to Financial Privacy
4-13 Act of 1978 (12 U.S.C. Section 3401), and its subsequent
4-14 amendments.
4-15 (b) To the extent that a covered entity engages in
4-16 activities of a financial institution, or authorizes, processes,
4-17 clears, settles, bills, transfers, reconciles, or collects payments
4-18 for a financial institution, this chapter and any rule adopted
4-19 under this chapter does not apply to the covered entity with
4-20 respect to those activities, including the following:
4-21 (1) using or disclosing information to authorize,
4-22 process, clear, settle, bill, transfer, reconcile, or collect a
4-23 payment for, or related to, health plan premiums or health care, if
4-24 the payment is made by any means, including a credit, debit, or
4-25 other payment card, an account, a check, or an electronic funds
4-26 transfer; and
5-1 (2) requesting, using, or disclosing information with
5-2 respect to a payment described by Subdivision (1):
5-3 (A) for transferring receivables;
5-4 (B) for auditing;
5-5 (C) in connection with a customer dispute or an
5-6 inquiry from or to a customer;
5-7 (D) in a communication to a customer of the
5-8 entity regarding the customer's transactions, payment card,
5-9 account, check, or electronic funds transfer;
5-10 (E) for reporting to consumer reporting
5-11 agencies; or
5-12 (F) for complying with a civil or criminal
5-13 subpoena or a federal or state law regulating the covered entity.
5-14 Sec. 181.053. NONPROFIT AGENCIES. The department shall by
5-15 rule exempt from this chapter a nonprofit agency that pays for
5-16 health care services or prescription drugs for an indigent person
5-17 only if the agency's primary business is not the provision of
5-18 health care or reimbursement for health care services.
5-19 Sec. 181.054. WORKERS' COMPENSATION. This chapter does not
5-20 apply to:
5-21 (1) workers' compensation insurance or a function
5-22 authorized by Title 5, Labor Code; or
5-23 (2) any person or entity in connection with providing,
5-24 administering, supporting, or coordinating any of the benefits
5-25 under a self-insured program for workers' compensation.
5-26 Sec. 181.055. EMPLOYEE BENEFIT PLAN. This chapter does not
6-1 apply to:
6-2 (1) an employee benefit plan; or
6-3 (2) any covered entity or other person, insofar as the
6-4 entity or person is acting in connection with an employee benefit
6-5 plan.
6-6 Sec. 181.056. AMERICAN RED CROSS. This chapter does not
6-7 prohibit the American Red Cross from accessing any information
6-8 necessary to perform its duties to provide disaster relief,
6-9 disaster communication, or emergency leave verification services
6-10 for military personnel.
6-11 Sec. 181.057. INFORMATION RELATING TO OFFENDERS WITH MENTAL
6-12 IMPAIRMENTS. This chapter does not apply to an agency described by
6-13 Section 614.017 with respect to the disclosure, receipt, transfer,
6-14 or exchange of medical and health information and records relating
6-15 to individuals in the custody of an agency or in community
6-16 supervision.
6-17 Sec. 181.058. EDUCATIONAL RECORDS. In this chapter,
6-18 protected health information does not include:
6-19 (1) education records covered by the Family
6-20 Educational Rights and Privacy Act of 1974 (20 U.S.C. Section
6-21 1232g) and its subsequent amendments; or
6-22 (2) records described by 20 U.S.C. Section
6-23 1232g(a)(4)(B)(iv) and its subsequent amendments.
7-1 (Sections 181.059-181.100 reserved for expansion
7-2 SUBCHAPTER C. ACCESS TO AND USE OF HEALTH CARE INFORMATION
7-3 Sec. 181.101. COMPLIANCE WITH FEDERAL REGULATIONS. A
7-4 covered entity shall comply with the Health Insurance Portability
7-5 and Accountability Act and Privacy Standards relating to:
7-6 (1) an individual's access to the individual's
7-7 protected health information;
7-8 (2) amendment of protected health information;
7-9 (3) uses and disclosures of protected health
7-10 information, including requirements relating to consent; and
7-11 (4) notice of privacy practices for protected health
7-12 information.
7-13 Sec. 181.102. INFORMATION FOR RESEARCH. (a) A covered
7-14 entity may disclose protected health information to a person
7-15 performing health research, regardless of the source of funding of
7-16 the research, for the purpose of conducting health research, only
7-17 if the person performing health research has obtained:
7-18 (1) individual consent or authorization for use or
7-19 disclosure of protected health information for research required by
7-20 federal law;
7-21 (2) the express written authorization of the
7-22 individual required by this chapter;
7-23 (3) documentation that a waiver of individual consent
7-24 or authorization required for use or disclosure of protected health
7-25 information has been granted by an institutional review board or
7-26 privacy board as required under federal law; or
8-1 (4) documentation that a waiver of the individual's
8-2 express written authorization required by this chapter has been
8-3 granted by a privacy board established under this section.
8-4 (b) A privacy board:
8-5 (1) must consist of members with varying backgrounds
8-6 and appropriate professional competency as necessary to review the
8-7 effect of the research protocol for the project or projects on the
8-8 privacy rights and related interests of the individuals whose
8-9 protected health information would be used or disclosed;
8-10 (2) must include at least one member who is not
8-11 affiliated with the covered entity or an entity conducting or
8-12 sponsoring the research and not related to any person who is
8-13 affiliated with an entity described by this subsection; and
8-14 (3) may not have any member participating in the
8-15 review of any project in which the member has a conflict of
8-16 interest.
8-17 (c) A privacy board may grant a waiver of the express
8-18 written authorization for the use of protected health information
8-19 if the privacy board obtains the following documentation:
8-20 (1) a statement identifying the privacy board and the
8-21 date on which the waiver of the express written authorization was
8-22 approved by the privacy board;
8-23 (2) a statement that the privacy board has determined
8-24 that the waiver satisfies the following criteria:
8-25 (A) the use or disclosure of protected health
8-26 information involves no more than minimal risk to the affected
9-1 individuals;
9-2 (B) the waiver will not adversely affect the
9-3 privacy rights and welfare of those individuals;
9-4 (C) the research could not practicably be
9-5 conducted without the waiver;
9-6 (D) the research could not practicably be
9-7 conducted without access to and use of the protected health
9-8 information;
9-9 (E) the privacy risks to individuals whose
9-10 protected health information is to be used or disclosed are
9-11 reasonable in relation to the anticipated benefits, if any, to the
9-12 individuals and the importance of the knowledge that may reasonably
9-13 be expected to result from the research;
9-14 (F) there is an adequate plan to protect the
9-15 identifiers from improper use and disclosure;
9-16 (G) there is an adequate plan to destroy the
9-17 identifiers at the earliest opportunity consistent with conduct of
9-18 the research, unless there is a health or research justification
9-19 for retaining the identifiers or the retention is otherwise
9-20 required by law; and
9-21 (H) there are adequate written assurances that
9-22 the protected health information will not be reused or disclosed to
9-23 another person or entity, except:
9-24 (i) as required by law;
9-25 (ii) for authorized oversight of the
9-26 research project; or
10-1 (iii) for other research for which the use
10-2 or disclosure of protected health information would be permitted by
10-3 state or federal law;
10-4 (3) a brief description of the protected health
10-5 information for which use or access has been determined to be
10-6 necessary by the privacy board under Subdivision (2)(D); and
10-7 (4) a statement that the waiver of express written
10-8 authorization has been approved by the privacy board following the
10-9 procedures under Subsection (e).
10-10 (d) A waiver must be signed by the presiding officer of the
10-11 privacy board or the presiding officer's designee.
10-12 (e) The privacy board must review the proposed research at a
10-13 convened meeting at which a majority of the privacy board members
10-14 are present, including at least one member who satisfies the
10-15 requirements of Subsection (b)(2). The waiver of express written
10-16 authorization must be approved by the majority of the privacy board
10-17 members present at the meeting, unless the privacy board elects to
10-18 use an expedited review procedure. The privacy board may use an
10-19 expedited review procedure only if the research involves no more
10-20 than minimal risk to the privacy of the individual who is the
10-21 subject of the protected health information of which use or
10-22 disclosure is being sought. If the privacy board elects to use an
10-23 expedited review procedure, the review and approval of the waiver
10-24 of express written authorization may be made by the presiding
10-25 officer of the privacy board or by one or more members of the
10-26 privacy board as designated by the presiding officer.
11-1 (f) A covered entity may disclose protected health
11-2 information to a person performing health research if the covered
11-3 entity obtains from the person performing the health research
11-4 representations that:
11-5 (1) use or disclosure is sought solely to review
11-6 protected health information as necessary to prepare a research
11-7 protocol or for similar purposes preparatory to research;
11-8 (2) no protected health information is to be removed
11-9 from the covered entity by the person performing the health
11-10 research in the course of the review; and
11-11 (3) the protected health information for which use or
11-12 access is sought is necessary for the research purposes.
11-13 (g) A person who is the subject of protected health
11-14 information collected or created in the course of a clinical
11-15 research trial may access the information at the conclusion of the
11-16 research trial.
11-17 Sec. 181.103. DISCLOSURE OF INFORMATION TO PUBLIC HEALTH
11-18 AUTHORITY. A covered entity may use or disclose protected health
11-19 information without the express written authorization of the
11-20 individual for public health activities or to comply with the
11-21 requirements of any federal or state health benefit program or any
11-22 federal or state law. A covered entity may disclose protected
11-23 health information:
11-24 (1) to a public health authority that is authorized by
11-25 law to collect or receive such information for the purpose of
11-26 preventing or controlling disease, injury, or disability, including
12-1 the reporting of disease, injury, vital events such as birth or
12-2 death, and the conduct of public health surveillance, public health
12-3 investigations, and public interventions;
12-4 (2) to a public health authority or other appropriate
12-5 government authority authorized by law to receive reports of child
12-6 or adult abuse, neglect, or exploitation; and
12-7 (3) to any state agency in conjunction with a federal
12-8 or state health benefit program.
12-9 (Sections 181.104-181.150 reserved for expansion
12-10 SUBCHAPTER D. PROHIBITED ACTS
12-11 Sec. 181.151. REIDENTIFIED INFORMATION. A person may not
12-12 reidentify or attempt to reidentify an individual who is the
12-13 subject of any protected health information without obtaining the
12-14 individual's consent or authorization if required under this
12-15 chapter or other state or federal law.
12-16 Sec. 181.152. MARKETING USES OF INFORMATION. (a) A covered
12-17 entity may not disclose, use, or sell or coerce an individual to
12-18 consent to the disclosure, use, or sale of protected health
12-19 information, including prescription patterns, for marketing
12-20 purposes without the consent or authorization of the individual who
12-21 is the subject of the protected health information.
12-22 (b) A written marketing communication must be sent in an
12-23 envelope showing only the addresses of sender and recipient and
12-24 must:
12-25 (1) state the name and toll-free number of the health
12-26 care entity sending the marketing communication; and
13-1 (2) explain the recipient's right to have the
13-2 recipient's name removed from the sender's mailing list.
13-3 (c) A person who receives a request under Subsection (b)(2)
13-4 to remove a person's name from a mailing list shall remove the
13-5 person's name not later than the fifth day after the date the
13-6 person receives the request.
13-7 (Sections 181.153-181.200 reserved for expansion
13-8 SUBCHAPTER E. ENFORCEMENT
13-9 Sec. 181.201. INJUNCTIVE RELIEF; CIVIL PENALTY. (a) The
13-10 attorney general may institute an action for injunctive relief to
13-11 restrain a violation of this chapter.
13-12 (b) In addition to the injunctive relief provided by
13-13 Subsection (a), the attorney general may institute an action for
13-14 civil penalties against a covered entity for a violation of this
13-15 chapter. A civil penalty assessed under this section may not
13-16 exceed $3,000 for each violation.
13-17 (c) If the court in which an action under Subsection (b) is
13-18 pending finds that the violations have occurred with a frequency as
13-19 to constitute a pattern or practice, the court may assess a civil
13-20 penalty not to exceed $250,000.
13-21 Sec. 181.202. DISCIPLINARY ACTION. In addition to the
13-22 penalties prescribed by this chapter, a violation of this chapter
13-23 by an individual or facility that is licensed by an agency of this
13-24 state is subject to investigation and disciplinary proceedings,
13-25 including probation or suspension by the licensing agency. If
13-26 there is evidence that the violations of this chapter constitute a
14-1 pattern or practice, the agency may revoke the individual's or
14-2 facility's license.
14-3 Sec. 181.203. EXCLUSION FROM STATE PROGRAMS. In addition to
14-4 the penalties prescribed by this chapter, a covered entity shall be
14-5 excluded from participating in any state-funded health care program
14-6 if a court finds the covered entity engaged in a pattern or
14-7 practice of violating this chapter.
14-8 Sec. 181.204. AVAILABILITY OF OTHER REMEDIES. This chapter
14-9 does not affect any right of a person under other law to bring a
14-10 cause of action or otherwise seek relief with respect to conduct
14-11 that is a violation of this chapter.
14-12 SECTION 2. Title 1, Insurance Code, is amended by adding
14-13 Chapter 28B to read as follows:
14-14 CHAPTER 28B. PRIVACY OF HEALTH INFORMATION
14-15 SUBCHAPTER A. GENERAL PROVISIONS
14-16 Art. 28B.01. DEFINITIONS. In this chapter:
14-17 (1) "Health information" means any information or data
14-18 regarding an individual, other than age or gender, whether oral or
14-19 recorded in any form or medium, that is created by or derived from
14-20 a health care provider or the individual and that relates to:
14-21 (A) the past, present, or future physical,
14-22 mental, or behavioral health or condition of an individual;
14-23 (B) the provision of health care to an
14-24 individual; or
14-25 (C) payment for the provision of health care to
14-26 an individual.
15-1 (2) "Licensee" means a person who holds or is required
15-2 to hold a license, registration, certificate of authority, or other
15-3 authority under this code or another insurance law of this state.
15-4 The term includes an insurance company, group hospital service
15-5 corporation, mutual insurance company, local mutual aid
15-6 association, statewide mutual assessment company, stipulated
15-7 premium insurance company, health maintenance organization,
15-8 reciprocal or interinsurance exchange, Lloyd's plan, fraternal
15-9 benefit society, county mutual insurer, farm mutual insurer, or
15-10 insurance agent.
15-11 (3) "Nonpublic personal health information" means
15-12 health information:
15-13 (A) that identifies an individual who is the
15-14 subject of the information; or
15-15 (B) with respect to which there is a reasonable
15-16 basis to believe that the information could be used to identify an
15-17 individual.
15-18 Art. 28B.02. PERSONALLY IDENTIFIABLE HEALTH INFORMATION:
15-19 PRIVACY NOTICE AND DISCLOSURE AUTHORIZATION. (a) A licensee must
15-20 obtain an authorization to disclose any nonpublic personal health
15-21 information before making such a disclosure.
15-22 (b) The request for authorization required by this article
15-23 may be in written or electronic form and must:
15-24 (1) state the identity of the consumer or customer who
15-25 is the subject of the nonpublic personal health information;
15-26 (2) describe:
16-1 (A) the types of nonpublic personal health
16-2 information to be disclosed;
16-3 (B) the parties to whom the licensee discloses
16-4 nonpublic personal health information;
16-5 (C) the purpose of the disclosure;
16-6 (D) how the information will be used; and
16-7 (E) the procedure for revoking the
16-8 authorization;
16-9 (3) include the signature and date signed of:
16-10 (A) the consumer or customer who is the subject
16-11 of the nonpublic personal health information; or
16-12 (B) the individual who is legally empowered to
16-13 grant authority;
16-14 (4) provide notice:
16-15 (A) of the length of time for which the
16-16 authorization is valid; and
16-17 (B) that the consumer or customer may revoke the
16-18 authorization at any time; and
16-19 (5) specify the amount of time that the authorization
16-20 remains valid, which may not exceed 24 months.
16-21 (c) The right of a consumer or customer to revoke an
16-22 authorization at any time is subject to the rights of an individual
16-23 who acted in reliance on the authorization before receiving notice
16-24 of a revocation.
16-25 (d) The licensee shall retain the original or a copy of the
16-26 authorization in the record of the individual who is the subject of
17-1 the nonpublic personal health information.
17-2 Art. 28B.03. DELIVERY OF AUTHORIZATION. (a) A request for
17-3 authorization and an authorization form may be delivered to a
17-4 consumer or a customer if the request and the authorization form
17-5 are clear and conspicuous.
17-6 (b) A licensee must include delivery of the authorization in
17-7 a notice to the consumer or customer only if the licensee intends
17-8 to disclose protected health information under this chapter.
17-9 Art. 28B.04. EXCEPTIONS. A licensee may disclose nonpublic
17-10 personal health information to the extent that the disclosure is
17-11 necessary to perform the following insurance functions on behalf of
17-12 that licensee:
17-13 (1) the investigation or reporting of actual or
17-14 potential fraud, misrepresentation, or criminal activity;
17-15 (2) underwriting;
17-16 (3) the placement or issuance of an insurance policy;
17-17 (4) loss control services;
17-18 (5) ratemaking and guaranty fund functions;
17-19 (6) reinsurance and excess loss insurance;
17-20 (7) risk management;
17-21 (8) case management;
17-22 (9) disease management;
17-23 (10) quality assurance;
17-24 (11) quality improvement;
17-25 (12) performance evaluation;
17-26 (13) health care provider credentialing verification;
18-1 (14) utilization review;
18-2 (15) peer review activities;
18-3 (16) actuarial, scientific, medical, or public policy
18-4 research;
18-5 (17) grievance procedures;
18-6 (18) the internal administration of compliance,
18-7 managerial, and information systems;
18-8 (19) policyholder services;
18-9 (20) auditing;
18-10 (21) reporting;
18-11 (22) database security;
18-12 (23) the administration of consumer disputes and
18-13 inquiries;
18-14 (24) external accreditation standards;
18-15 (25) the replacement of a group benefit plan or
18-16 workers' compensation policy or program;
18-17 (26) activities in connection with a sale, merger,
18-18 transfer, or exchange of all or part of a business or operating
18-19 unit;
18-20 (27) any activity that permits disclosure without
18-21 authorization under the federal Health Insurance Portability and
18-22 Accountability Act of 1996 (42 U.S.C. Section 1320d et seq.), as
18-23 amended;
18-24 (28) disclosure that is required, or is a lawful or
18-25 appropriate method to enforce the licensee's rights or the rights
18-26 of other persons engaged, in carrying out a transaction or
19-1 providing a product or service that the consumer requests or
19-2 authorizes;
19-3 (29) claims administration, adjustment, and
19-4 management;
19-5 (30) any activity otherwise permitted by law, required
19-6 pursuant to a governmental reporting authority, or required to
19-7 comply with legal process; and
19-8 (31) any other insurance functions that the
19-9 commissioner approves that are:
19-10 (A) necessary for appropriate performance of
19-11 insurance functions; and
19-12 (B) fair and reasonable to the interests of
19-13 consumers.
19-14 Art. 28B.05. EXCEPTION FOR COMPLIANCE WITH FEDERAL RULES.
19-15 This subchapter does not apply to a licensee who is required to
19-16 comply with the standards governing the privacy of individually
19-17 identifiable health information adopted by the United States
19-18 Secretary of Health and Human Services under Section 262(a), Health
19-19 Insurance Portability and Accountability Act of 1996 (42 U.S.C.
19-20 Sections 1320d-1320d-8).
19-21 Art. 28B.06. PROTECTION OF FAIR CREDIT REPORTING ACTS.
19-22 (a) This chapter may not be construed to modify, limit, or
19-23 supersede the operation of the Fair Credit Reporting Act (15 U.S.C.
19-24 Section 1681 et seq.) and an inference may not be drawn based on
19-25 this chapter regarding whether information is transaction or
19-26 experience information under Section 603 of that Act (15 U.S.C.
20-1 Section 1681a).
20-2 (b) This chapter does not preempt or supersede a state law
20-3 related to medical record, health, or insurance information privacy
20-4 that is in effect on July 1, 2002.
20-5 Art. 28B.07. VIOLATION; PENALTIES. A licensee may not
20-6 knowingly or wilfully violate this chapter.
20-7 Art. 28B.08. RULES. The commissioner may adopt rules as
20-8 necessary to implement this chapter.
20-9 Art. 28B.09. INJUNCTIVE RELIEF; CIVIL PENALTY. (a) The
20-10 attorney general may institute an action for injunctive relief to
20-11 restrain a violation of this chapter.
20-12 (b) In addition to the injunctive relief provided by
20-13 Subsection (a), the attorney general may institute an action for
20-14 civil penalties against a covered entity or health care entity for
20-15 a violation of this chapter. A civil penalty assessed under this
20-16 section may not be less than $3,000 for each violation.
20-17 (c) If the court in which an action under Subsection (b) is
20-18 pending finds that the violations have occurred with a frequency as
20-19 to constitute a pattern or practice, the court may assess a civil
20-20 penalty not to exceed $250,000.
20-21 (d) The civil penalty authorized by this article is in
20-22 addition to any other civil, administrative, or criminal action
20-23 provided by law.
20-24 Art. 28B.10. DISCIPLINARY ACTION. In addition to the
20-25 penalties prescribed by this chapter, a violation of this chapter
20-26 by a licensee is subject to investigation and disciplinary
21-1 proceedings, including probation or suspension. Evidence of a
21-2 pattern or practice of violations under this chapter may subject
21-3 the licensee to license revocation.
21-4 Art. 28B.11. EXCLUSION FROM STATE PROGRAMS. In addition to
21-5 the penalties prescribed by this chapter, a licensee shall be
21-6 excluded from participating in any state-funded health care program
21-7 if there is evidence that the licensee engaged in a pattern or
21-8 practice of violating this chapter.
21-9 Art. 28B.12. AVAILABILITY OF OTHER REMEDIES. This chapter
21-10 does not affect any right of a person under other law to bring a
21-11 cause of action or otherwise seek relief with respect to conduct
21-12 that is a violation of this chapter.
21-13 SECTION 3. Section 161.032, Health and Safety Code, is
21-14 amended to read as follows:
21-15 Sec. 161.032. RECORDS AND PROCEEDINGS CONFIDENTIAL.
21-16 (a) The records and proceedings of a medical committee are
21-17 confidential and are not subject to court subpoena.
21-18 (b) Notwithstanding Section 551.002, Government Code, the
21-19 following proceedings may be held in a closed meeting following the
21-20 procedures prescribed by Subchapter E, Chapter 551, Government
21-21 Code:
21-22 (1) a [A] proceeding of a medical peer review
21-23 committee, as defined by Section 151.002, Occupations Code [1.03,
21-24 Medical Practice Act (Article 4495b, Vernon's Texas Civil
21-25 Statutes)], or medical committee;[,] or
21-26 (2) a meeting of the governing body of a public
22-1 hospital, hospital district, [or] hospital authority, or health
22-2 maintenance organization of a public hospital, hospital authority,
22-3 hospital district, or state-owned teaching hospital at which the
22-4 governing body receives records, information, or reports provided
22-5 by a medical committee, [or] medical peer review committee, or
22-6 compliance officer [is not subject to Chapter 551, Government
22-7 Code].
22-8 (c) Records, information, or reports of a medical committee,
22-9 [or] medical peer review committee, or compliance officer and
22-10 records, information, or reports provided by a medical committee,
22-11 [or] medical peer review committee, or compliance officer to the
22-12 governing body of a public hospital, hospital district, or hospital
22-13 authority are not subject to disclosure under Chapter 552,
22-14 Government Code.
22-15 (d) [(b)] The records and proceedings may be used by the
22-16 committee and the committee members only in the exercise of proper
22-17 committee functions.
22-18 (e) The records, information, and reports received or
22-19 maintained by a compliance officer retain the protection provided
22-20 by this section only if the records, information, or reports are
22-21 received, created, or maintained in the exercise of a proper
22-22 function of the compliance officer as provided by the Office of
22-23 Inspector General of the United States Department of Health and
22-24 Human Services.
22-25 (f) [(c)] This section and Subchapter A, Chapter 160,
22-26 Occupations Code [Section 5.06, Medical Practice Act (Article
23-1 4495b, Vernon's Texas Civil Statutes)], do not apply to records
23-2 made or maintained in the regular course of business by a hospital,
23-3 health maintenance organization, medical organization, university
23-4 medical center or health science center, hospital district,
23-5 hospital authority, or extended care facility.
23-6 SECTION 4. The heading to Subchapter D, Chapter 161, Health
23-7 and Safety Code, is amended to read as follows:
23-8 SUBCHAPTER D. MEDICAL COMMITTEES, [AND] MEDICAL
23-9 PEER REVIEW COMMITTEES, AND COMPLIANCE OFFICERS
23-10 SECTION 5. (a) Except as provided by Subsection (c), this
23-11 Act takes effect September 1, 2001.
23-12 (b) A covered entity shall comply with the requirements of
23-13 Chapter 181, Health and Safety Code, as added by this Act, not
23-14 later than September 1, 2003.
23-15 (c) Chapter 28B, Insurance Code, as added by this Act, takes
23-16 effect January 1, 2002.
23-17 (d) The commissioner of insurance may delay the date for
23-18 compliance with Chapter 28B, Insurance Code, as added by this Act,
23-19 if the commissioner determines that an entity needs more time to
23-20 establish policies and systems to comply with the requirements of
23-21 that chapter.
23-22 (e) An authorization or consent granting access to an
23-23 individual's health care records executed before the effective date
23-24 of this Act is governed by the law in effect when the authorization
23-25 or consent was executed, and the former law continues in effect for
23-26 that purpose.
S.B. No. 11
_______________________________ _______________________________
President of the Senate Speaker of the House
I hereby certify that S.B. No. 11 passed the Senate on
March 21, 2001, by a viva-voce vote; May 25, 2001, Senate refused
to concur in House amendments and requested appointment of
Conference Committee; May 25, 2001, House granted request of the
Senate; May 27, 2001, Senate adopted Conference Committee Report by
a viva-voce vote.
_______________________________
Secretary of the Senate
I hereby certify that S.B. No. 11 passed the House, with
amendments, on May 23, 2001, by a non-record vote; May 25, 2001,
House granted request of the Senate for appointment of Conference
Committee; May 27, 2001, House adopted Conference Committee Report
by a non-record vote.
_______________________________
Chief Clerk of the House
Approved:
_______________________________
Date
_______________________________
Governor