H.B. No. 300
 
 
 
 
AN ACT
  relating to the privacy of protected health information; providing
  administrative, civil, and criminal penalties.
         BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
         SECTION 1.  Section 181.001(b), Health and Safety Code, is
  amended by amending Subdivisions (1) and (3) and adding
  Subdivisions (2-a) and (2-b) to read as follows:
               (1)  "Commission" ["Commissioner"] means the Health
  and Human Services Commission [commissioner of health and human
  services].
               (2-a)  "Disclose" means to release, transfer, provide
  access to, or otherwise divulge information outside the entity
  holding the information.
               (2-b)  "Executive commissioner" means the executive
  commissioner of the Health and Human Services Commission.
               (3)  "Health Insurance Portability and Accountability
  Act and Privacy Standards" means the privacy requirements in
  existence on September 1, 2011 [August 14, 2002], of the
  Administrative Simplification subtitle of the Health Insurance
  Portability and Accountability Act of 1996 (Pub. L. No. 104-191)
  contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A
  and E.
         SECTION 2.  Subchapter A, Chapter 181, Health and Safety
  Code, is amended by adding Section 181.004 to read as follows:
         Sec. 181.004.  APPLICABILITY OF STATE AND FEDERAL LAW.  (a)  
  A covered entity, as that term is defined by 45 C.F.R. Section
  160.103, shall comply with the Health Insurance Portability and
  Accountability Act and Privacy Standards.
         (b)  Subject to Section 181.051, a covered entity, as that
  term is defined by Section 181.001, shall comply with this chapter.
         SECTION 3.  Section 181.005, Health and Safety Code, is
  amended to read as follows:
         Sec. 181.005.  DUTIES OF THE EXECUTIVE COMMISSIONER. (a)
  The executive commissioner shall administer this chapter and may
  adopt rules consistent with the Health Insurance Portability and
  Accountability Act and Privacy Standards to administer this
  chapter.
         (b)  The executive commissioner shall review amendments to
  the definitions in 45 C.F.R. Parts 160 and 164 that occur after
  September 1, 2011 [August 14, 2002], and determine whether it is in
  the best interest of the state to adopt the amended federal
  regulations. If the executive commissioner determines that it is
  in the best interest of the state to adopt the amended federal
  regulations, the amended regulations shall apply as required by
  this chapter.
         (c)  In making a determination under this section, the
  executive commissioner must consider, in addition to other factors
  affecting the public interest, the beneficial and adverse effects
  the amendments would have on:
               (1)  the lives of individuals in this state and their
  expectations of privacy; and
               (2)  governmental entities, institutions of higher
  education, state-owned teaching hospitals, private businesses, and
  commerce in this state.
         (d)  The executive commissioner shall prepare a report of the
  executive commissioner's determination made under this section and
  shall file the report with the presiding officer of each house of
  the legislature before the 30th day after the date the
  determination is made. The report must include an explanation of
  the reasons for the determination.
         SECTION 4.  Section 181.006, Health and Safety Code, is
  amended to read as follows:
         Sec. 181.006.  PROTECTED HEALTH INFORMATION NOT PUBLIC.
  Notwithstanding Sections 181.004 and 181.051, for [For] a covered
  entity that is a governmental unit, an individual's protected
  health information:
               (1)  includes any information that reflects that an
  individual received health care from the covered entity; and
               (2)  is not public information and is not subject to
  disclosure under Chapter 552, Government Code.
         SECTION 5.  Subchapter B, Chapter 181, Health and Safety
  Code, is amended by adding Section 181.059 to read as follows:
         Sec. 181.059.  CRIME VICTIM COMPENSATION.  This chapter does
  not apply to any person or entity in connection with providing,
  administering, supporting, or coordinating any of the benefits
  regarding compensation to victims of crime as provided by
  Subchapter B, Chapter 56, Code of Criminal Procedure.
         SECTION 6.  Chapter 181, Health and Safety Code, is amended
  by adding Subchapter C to read as follows:
  SUBCHAPTER C. ACCESS TO AND USE OF PROTECTED HEALTH INFORMATION
         Sec. 181.101.  TRAINING REQUIRED. (a)  Each covered entity
  shall provide a training program to employees of the covered entity
  regarding the state and federal law concerning protected health
  information as it relates to:
               (1)  the covered entity's particular course of
  business; and
               (2)  each employee's scope of employment.
         (b)  An employee of a covered entity must complete training
  described by Subsection (a) not later than the 60th day after the
  date the employee is hired by the covered entity.
         (c)  An employee of a covered entity shall receive training
  described by Subsection (a) at least once every two years.
         (d)  A covered entity shall require an employee of the entity
  who attends a training program described by Subsection (a) to sign,
  electronically or in writing, a statement verifying the employee's
  attendance at the training program. The covered entity shall
  maintain the signed statement.
         Sec. 181.102.  CONSUMER ACCESS TO ELECTRONIC HEALTH RECORDS.
  (a)  Except as provided by Subsection (b), if a health care
  provider is using an electronic health records system that is
  capable of fulfilling the request, the health care provider, not
  later than the 15th business day after the date the health care
  provider receives a written request from a person for the person's
  electronic health record, shall provide the requested record to the
  person in electronic form unless the person agrees to accept the
  record in another form.
         (b)  A health care provider is not required to provide access
  to a person's protected health information that is excepted from
  access, or to which access may be denied, under 45 C.F.R. Section
  164.524.
         (c)  For purposes of Subsection (a), the executive
  commissioner, in consultation with the Department of State Health
  Services, the Texas Medical Board, and the Texas Department of
  Insurance, by rule may recommend a standard electronic format for
  the release of requested health records. The standard electronic
  format recommended under this section must be consistent, if
  feasible, with federal law regarding the release of electronic
  health records.
         Sec. 181.103.  CONSUMER INFORMATION WEBSITE. The attorney
  general shall maintain an Internet website that provides:
               (1)  information concerning a consumer's privacy rights
  regarding protected health information under federal and state law;
               (2)  a list of the state agencies, including the
  Department of State Health Services, the Texas Medical Board, and
  the Texas Department of Insurance, that regulate covered entities
  in this state and the types of entities each agency regulates;
               (3)  detailed information regarding each agency's
  complaint enforcement process; and
               (4)  contact information, including the address of the
  agency's Internet website, for each agency listed under Subdivision
  (2) for reporting a violation of this chapter.
         Sec. 181.104.  CONSUMER COMPLAINT REPORT BY ATTORNEY
  GENERAL. (a)  The attorney general annually shall submit to the
  legislature a report describing:
               (1)  the number and types of complaints received by the
  attorney general and by the state agencies receiving consumer
  complaints under Section 181.103; and
               (2)  the enforcement action taken in response to each
  complaint reported under Subdivision (1).
         (b)  Each state agency that receives consumer complaints
  under Section 181.103 shall submit to the attorney general, in the
  form required by the attorney general, the information the attorney
  general requires to compile the report required by Subsection (a).
         (c)  The attorney general shall de-identify protected health
  information from the individual to whom the information pertains
  before including the information in the report required by
  Subsection (a).
         SECTION 7.  Subchapter D, Chapter 181, Health and Safety
  Code, is amended by adding Sections 181.153 and 181.154 to read as
  follows:
         Sec. 181.153.  SALE OF PROTECTED HEALTH INFORMATION
  PROHIBITED; EXCEPTIONS.  (a)  A covered entity may not disclose an
  individual's protected health information to any other person in
  exchange for direct or indirect remuneration, except that a covered
  entity may disclose an individual's protected health information:
               (1)  to another covered entity, as that term is defined
  by Section 181.001, or to a covered entity, as that term is defined
  by Section 602.001, Insurance Code, for the purpose of:
                     (A)  treatment;
                     (B)  payment;
                     (C)  health care operations; or
                     (D)  performing an insurance or health
  maintenance organization function described by Section 602.053,
  Insurance Code; or
               (2)  as otherwise authorized or required by state or
  federal law.
         (b)  The direct or indirect remuneration a covered entity
  receives for making a disclosure of protected health information
  authorized by Subsection (a)(1)(D) may not exceed the covered
  entity's reasonable costs of preparing or transmitting the
  protected health information.
         Sec. 181.154.  NOTICE AND AUTHORIZATION REQUIRED FOR
  ELECTRONIC DISCLOSURE OF PROTECTED HEALTH INFORMATION; EXCEPTIONS.
  (a) A covered entity shall provide notice to an individual for whom
  the covered entity creates or receives protected health information
  if the individual's protected health information is subject to
  electronic disclosure. A covered entity may provide general notice
  by:
               (1)  posting a written notice in the covered entity's
  place of business;
               (2)  posting a notice on the covered entity's Internet
  website; or
               (3)  posting a notice in any other place where
  individuals whose protected health information is subject to
  electronic disclosure are likely to see the notice.
         (b)  Except as provided by Subsection (c), a covered entity
  may not electronically disclose an individual's protected health
  information to any person without a separate authorization from the
  individual or the individual's legally authorized representative
  for each disclosure. An authorization for disclosure under this
  subsection may be made in written or electronic form or in oral form
  if it is documented in writing by the covered entity.
         (c)  The authorization for electronic disclosure of
  protected health information described by Subsection (b) is not
  required if the disclosure is made:
               (1)  to another covered entity, as that term is defined
  by Section 181.001, or to a covered entity, as that term is defined
  by Section 602.001, Insurance Code, for the purpose of:
                     (A)  treatment;
                     (B)  payment;
                     (C)  health care operations; or
                     (D)  performing an insurance or health
  maintenance organization function described by Section 602.053,
  Insurance Code; or
               (2)  as otherwise authorized or required by state or
  federal law.
         (d)  The attorney general shall adopt a standard
  authorization form for use in complying with this section. The form
  must comply with the Health Insurance Portability and
  Accountability Act and Privacy Standards and this chapter.
         (e)  This section does not apply to a covered entity, as
  defined by Section 602.001, Insurance Code, if that entity is not a
  covered entity as defined by 45 C.F.R. Section 160.103.
         SECTION 8.  Section 181.201, Health and Safety Code, is
  amended by amending Subsections (b) and (c) and adding Subsections
  (b-1), (d), (e), and (f) to read as follows:
         (b)  In addition to the injunctive relief provided by
  Subsection (a), the attorney general may institute an action for
  civil penalties against a covered entity for a violation of this
  chapter. A civil penalty assessed under this section may not
  exceed:
               (1)  $5,000 [$3,000] for each violation that occurs in
  one year, regardless of how long the violation continues during
  that year, committed negligently;
               (2)  $25,000 for each violation that occurs in one
  year, regardless of how long the violation continues during that
  year, committed knowingly or intentionally; or
               (3)  $250,000 for each violation in which the covered
  entity knowingly or intentionally used protected health
  information for financial gain.
         (b-1)  The total amount of a penalty assessed against a
  covered entity under Subsection (b) in relation to a violation or
  violations of Section 181.154 may not exceed $250,000 annually if
  the court finds that the disclosure was made only to another covered
  entity and only for a purpose described by Section 181.154(c) and
  the court finds that:
               (1)  the protected health information disclosed was
  encrypted or transmitted using encryption technology designed to
  protect against improper disclosure;
               (2)  the recipient of the protected health information
  did not use or release the protected health information; or
 
               (3)  at the time of the disclosure of the protected
  health information, the covered entity had developed, implemented,
  and maintained security policies, including the education and
  training of employees responsible for the security of protected
  health information.
         (c)  If the court in which an action under Subsection (b) is
  pending finds that the violations have occurred with a frequency as
  to constitute a pattern or practice, the court may assess a civil
  penalty not to exceed $1.5 million annually [$250,000].
         (d)  In determining the amount of a penalty imposed under
  Subsection (b), the court shall consider:
               (1)  the seriousness of the violation, including the
  nature, circumstances, extent, and gravity of the disclosure;
               (2)  the covered entity's compliance history;
               (3)  whether the violation poses a significant risk of
  financial, reputational, or other harm to an individual whose
  protected health information is involved in the violation;
               (4)  whether the covered entity was certified at the
  time of the violation as described by Section 182.108;
               (5)  the amount necessary to deter a future violation;
  and
               (6)  the covered entity's efforts to correct the
  violation.
         (e)  The attorney general may institute an action against a
  covered entity that is licensed by a licensing agency of this state
  for a civil penalty under this section only if the licensing agency
  refers the violation to the attorney general under Section
  181.202(2).
         (f)  The office of the attorney general may retain a
  reasonable portion of a civil penalty recovered under this section,
  not to exceed amounts specified in the General Appropriations Act,
  for the enforcement of this subchapter.
         SECTION 9.  Section 181.202, Health and Safety Code, is
  amended to read as follows:
         Sec. 181.202.  DISCIPLINARY ACTION. In addition to the
  penalties prescribed by this chapter, a violation of this chapter
  by a covered entity [an individual or facility] that is licensed by
  an agency of this state is subject to investigation and
  disciplinary proceedings, including probation or suspension by the
  licensing agency. If there is evidence that the violations of this
  chapter are egregious and constitute a pattern or practice, the
  agency may:
               (1)  revoke the covered entity's [individual's or
  facility's] license; or
               (2)  refer the covered entity's case to the attorney
  general for the institution of an action for civil penalties under
  Section 181.201(b).
         SECTION 10.  Section 181.205, Health and Safety Code, is
  amended by amending Subsection (b) and adding Subsection (c) to
  read as follows:
         (b)  In determining the amount of a penalty imposed under
  other law in accordance with Section 181.202, a court or state
  agency shall consider the following factors:
               (1)  the seriousness of the violation, including the
  nature, circumstances, extent, and gravity of the disclosure;
               (2)  the covered entity's compliance history;
               (3)  whether the violation poses a significant risk of
  financial, reputational, or other harm to an individual whose
  protected health information is involved in the violation;
               (4)  whether the covered entity was certified at the
  time of the violation as described by Section 182.108;
               (5)  the amount necessary to deter a future violation;
  and
               (6)  the covered entity's efforts to correct the
  violation.
         (c)  On receipt of evidence under Subsections [Subsection]
  (a) and (b), a court or state agency shall consider the evidence and
  mitigate imposition of an administrative penalty or assessment of a
  civil penalty accordingly.
         SECTION 11.  Subchapter E, Chapter 181, Health and Safety
  Code, is amended by adding Sections 181.206 and 181.207 to read as
  follows:
         Sec. 181.206.  AUDITS OF COVERED ENTITIES. (a)  The
  commission, in coordination with the attorney general, the Texas
  Health Services Authority, and the Texas Department of Insurance:
               (1)  may request that the United States secretary of
  health and human services conduct an audit of a covered entity, as
  that term is defined by 45 C.F.R. Section 160.103, in this state to
  determine compliance with the Health Insurance Portability and
  Accountability Act and Privacy Standards; and
               (2)  shall periodically monitor and review the results
  of audits of covered entities in this state conducted by the United
  States secretary of health and human services.
         (b)  If the commission has evidence that a covered entity has
  committed violations of this chapter that are egregious and
  constitute a pattern or practice, the commission may:
               (1)  require the covered entity to submit to the
  commission the results of a risk analysis conducted by the covered
  entity if required by 45 C.F.R. Section 164.308(a)(1)(ii)(A); or
               (2)  if the covered entity is licensed by a licensing
  agency of this state, request that the licensing agency conduct an
  audit of the covered entity's system to determine compliance with
  the provisions of this chapter.
         (c)  The commission annually shall submit to the appropriate
  standing committees of the senate and the house of representatives
  a report regarding the number of federal audits of covered entities
  in this state and the number of audits required under Subsection
  (b).
         Sec. 181.207.  FUNDING. The commission and the Texas
  Department of Insurance, in consultation with the Texas Health
  Services Authority, shall apply for and actively pursue available
  federal funding for enforcement of this chapter.
         SECTION 12.  Section 182.002, Health and Safety Code, is
  amended by adding Subdivisions (2-a), (3-a), and (3-b) to read as
  follows:
               (2-a)  "Covered entity" has the meaning assigned by
  Section 181.001.
               (3-a)  "Disclose" has the meaning assigned by Section
  181.001.
               (3-b)  "Health Insurance Portability and
  Accountability Act and Privacy Standards" has the meaning assigned
  by Section 181.001.
         SECTION 13.  Subchapter C, Chapter 182, Health and Safety
  Code, is amended by adding Section 182.108 to read as follows:
         Sec. 182.108.  STANDARDS FOR ELECTRONIC SHARING OF PROTECTED
  HEALTH INFORMATION; COVERED ENTITY CERTIFICATION. (a)  The
  corporation shall develop and submit to the commission for
  ratification privacy and security standards for the electronic
  sharing of protected health information.
         (b)  The commission shall review and by rule adopt acceptable
  standards submitted for ratification under Subsection (a).
         (c)  Standards adopted under Subsection (b) must be designed
  to:
               (1)  comply with the Health Insurance Portability and
  Accountability Act and Privacy Standards and Chapter 181;
               (2)  comply with any other state and federal law
  relating to the security and confidentiality of information
  electronically maintained or disclosed by a covered entity;
               (3)  ensure the secure maintenance and disclosure of
  personally identifiable health information;
               (4)  include strategies and procedures for disclosing
  personally identifiable health information; and
               (5)  support a level of system interoperability with
  existing health record databases in this state that is consistent
  with emerging standards.
         (d)  The corporation shall establish a process by which a
  covered entity may apply for certification by the corporation of a
  covered entity's past compliance with standards adopted under
  Subsection (b).
         (e)  The corporation shall publish the standards adopted
  under Subsection (b) on the corporation's Internet website.
         SECTION 14.  Section 521.053, Business & Commerce Code, is
  amended by amending Subsection (b) and adding Subsection (b-1) to
  read as follows:
         (b)  A person who conducts business in this state and owns or
  licenses computerized data that includes sensitive personal
  information shall disclose any breach of system security, after
  discovering or receiving notification of the breach, to any
  individual [resident of this state] whose sensitive personal
  information was, or is reasonably believed to have been, acquired
  by an unauthorized person. The disclosure shall be made as quickly
  as possible, except as provided by Subsection (d) or as necessary to
  determine the scope of the breach and restore the reasonable
  integrity of the data system.
         (b-1)  Notwithstanding Subsection (b), the requirements of
  Subsection (b) apply only if the individual whose sensitive
  personal information was or is reasonably believed to have been
  acquired by an unauthorized person is a resident of this state or
  another state that does not require a person described by
  Subsection (b) to notify the individual of a breach of system
  security. If the individual is a resident of a state that requires
  a person described by Subsection (b) to provide notice of a breach
  of system security, the notice of the breach of system security
  provided under that state's law satisfies the requirements of
  Subsection (b).
         SECTION 15.  Section 521.151, Business & Commerce Code, is
  amended by adding Subsection (a-1) to read as follows:
         (a-1)  In addition to penalties assessed under Subsection
  (a), a person who fails to take reasonable action to comply with
  Section 521.053(b) is liable to this state for a civil penalty of
  not more than $100 for each individual to whom notification is due
  under that subsection for each consecutive day that the person
  fails to take reasonable action to comply with that subsection.
  Civil penalties under this section may not exceed $250,000 for all
  individuals to whom notification is due after a single breach. The
  attorney general may bring an action to recover the civil penalties
  imposed under this subsection.
         SECTION 16.  Section 522.002(b), Business & Commerce Code,
  is amended to read as follows:
         (b)  An offense under this section is a Class B misdemeanor,
  except that the offense is a state jail felony if the information
  accessed, read, scanned, stored, or transferred was protected
  health information as defined by the Health Insurance Portability
  and Accountability Act and Privacy Standards, as defined by Section
  181.001, Health and Safety Code.
         SECTION 17.  Subchapter B, Chapter 531, Government Code, is
  amended by adding Section 531.0994 to read as follows:
         Sec. 531.0994.  STUDY; ANNUAL REPORT. (a)  The commission,
  in consultation with the Department of State Health Services, the
  Texas Medical Board, and the Texas Department of Insurance, shall
  explore and evaluate new developments in safeguarding protected
  health information.
         (b)  Not later than December 1 each year, the commission
  shall report to the legislature on new developments in safeguarding
  protected health information and recommendations for the
  implementation of safeguards within the commission.
         SECTION 18.  Subchapter B, Chapter 602, Insurance Code, is
  amended by adding Section 602.054 to read as follows:
         Sec. 602.054.  COMPLIANCE WITH OTHER LAW.  A covered entity
  shall comply with:
               (1)  Subchapter D, Chapter 181, Health and Safety Code,
  except as otherwise provided by that subchapter; and
               (2)  the standards adopted under Section 182.108,
  Health and Safety Code.
         SECTION 19.  (a)  In this section, "unsustainable covered
  entity" means a covered entity, as defined by Section 181.001,
  Health and Safety Code, that ceases to operate.
         (b)  The Health and Human Services Commission, in
  consultation with the Texas Health Services Authority and the Texas
  Medical Board, shall review issues regarding the security and
  accessibility of protected health information maintained by an
  unsustainable covered entity.
         (c)  Not later than December 1, 2012, the Health and Human
  Services Commission shall submit to the appropriate standing
  committees of the senate and the house of representatives
  recommendations for:
               (1)  the state agency to which the protected health
  information maintained by an unsustainable covered entity should be
  transferred for storage;
               (2)  ensuring the security of protected health
  information maintained by unsustainable covered entities in this
  state, including secure transfer methods from the covered entity to
  the state;
               (3)  the method and period of time for which protected
  health information should be maintained by the state after transfer
  from an unsustainable covered entity;
               (4)  methods and processes by which an individual
  should be able to access the individual's protected health
  information after transfer to the state; and
               (5)  funding for the storage of protected health
  information after transfer to the state.
         (d)  This section expires January 1, 2013.
         SECTION 20.  (a)  A task force on health information
  technology is created.
         (b)  The task force is composed of:
               (1)  11 members appointed by the attorney general with
  the advice of the chairs of the standing committees of the senate
  and house of representatives having primary jurisdiction over
  health information technology issues, including:
                     (A)  at least two physicians;
                     (B)  at least two individuals who represent
  hospitals;
                     (C)  at least one private citizen who represents
  patient and parental rights; and
                     (D)  at least one pharmacist; and
               (2)  the following ex officio members:
                     (A)  the executive commissioner of the Health and
  Human Services Commission or an employee of the commission
  designated by the executive commissioner;
                     (B)  the commissioner of the Department of State
  Health Services or an employee of the department designated by the
  commissioner; and
                     (C)  the presiding officer of the Texas Health
  Services Authority or an employee of the authority designated by
  the presiding officer.
         (c)  Not later than December 1, 2012, the attorney general
  shall appoint the members of the task force and appoint a chair of
  the task force from among its membership. The chair of the task
  force must have expertise in:
               (1)  state and federal health information privacy law;
               (2)  patient rights; and
               (3)  electronic signatures and other consent tools.
         (d)  The task force shall develop recommendations regarding:
               (1)  the improvement of informed consent protocols for
  the electronic exchange of protected health information, as that
  term is defined by the Health Insurance Portability and
  Accountability Act and Privacy Standards, as defined by Section
  181.001, Health and Safety Code, as amended by this Act;
               (2)  the improvement of patient access to and use of
  electronically maintained and disclosed protected health
  information for the purpose of personal health and coordination of
  health care services; and
               (3)  any other critical issues, as determined by the
  task force, related to the exchange of protected health
  information.
         (e)  Not later than January 1, 2014, the task force shall
  submit to the standing committees of the senate and house of
  representatives having primary jurisdiction over health
  information technology issues and the Texas Health Services
  Authority a report including the task force's recommendations under
  Subsection (d).
         (f)  The Texas Health Services Authority shall publish the
  report submitted under Subsection (e) on the authority's Internet
  website.
         (g)  This section expires February 1, 2014.
         SECTION 21.  Section 531.0315(b), Government Code, is
  repealed.
         SECTION 22.  Not later than January 1, 2013:
               (1)  the attorney general shall adopt the form required
  by Section 181.154, Health and Safety Code, as added by this Act;
  and
               (2)  the Health and Human Services Commission shall
  adopt the standards required by Section 182.108, Health and Safety
  Code, as added by this Act.
         SECTION 23.  (a)  Not later than May 1, 2013, the attorney
  general shall establish the Internet website required by Section
  181.103, Health and Safety Code, as added by this Act.
         (b)  Not later than December 1, 2013, the attorney general
  shall submit the initial report required by Section 181.104, Health
  and Safety Code, as added by this Act.
         SECTION 24.  Not later than December 1, 2013, the Health and
  Human Services Commission shall submit the initial report required
  by Section 531.0994, Government Code, as added by this Act.
         SECTION 25.  The changes in law made by Section 181.201,
  Health and Safety Code, as amended by this Act, Section 521.053,
  Business & Commerce Code, as amended by this Act, and Section
  521.151(a-1), Business & Commerce Code, as added by this Act, apply
  only to conduct that occurs on or after the effective date of this
  Act. Conduct that occurs before the effective date of this Act is
  governed by the law in effect at the time the conduct occurred, and
  the former law is continued in effect for that purpose.
         SECTION 26.  The change in law made by Section 522.002(b),
  Business & Commerce Code, as amended by this Act, applies only to an
  offense committed on or after the effective date of this Act. An
  offense committed before the effective date of this Act is governed
  by the law in effect at the time the offense was committed, and the
  former law is continued in effect for that purpose. For purposes of
  this section, an offense was committed before the effective date of
  this Act if any element of the offense was committed before that
  date.
         SECTION 27.  This Act takes effect September 1, 2012.
 
 
  ______________________________ ______________________________
     President of the Senate Speaker of the House     
 
 
         I certify that H.B. No. 300 was passed by the House on May 4,
  2011, by the following vote:  Yeas 141, Nays 0, 2 present, not
  voting; that the House refused to concur in Senate amendments to
  H.B. No. 300 on May 26, 2011, and requested the appointment of a
  conference committee to consider the differences between the two
  houses; and that the House adopted the conference committee report
  on H.B. No. 300 on May 29, 2011, by the following vote:  Yeas 145,
  Nays 0, 1 present, not voting.
 
  ______________________________
  Chief Clerk of the House   
 
         I certify that H.B. No. 300 was passed by the Senate, with
  amendments, on May 24, 2011, by the following vote:  Yeas 31, Nays
  0; at the request of the House, the Senate appointed a conference
  committee to consider the differences between the two houses; and
  that the Senate adopted the conference committee report on H.B. No.
  300 on May 29, 2011, by the following vote:  Yeas 31, Nays 0.
 
  ______________________________
  Secretary of the Senate   
  APPROVED: __________________
                  Date       
   
           __________________
                Governor