Are YOU HIPAA (TX HB 300) Compliant in Texas?

It’s the law! Federal and state laws require patient medical information be protected and secured. 

Protecting sensitive medical information can be challenging with today’s security breaches. Anyone who has contact with protected health information must be trained on how to keep that information protected and out of the hands of a potential fraudster. The state of Texas has enacted a bill that enhances what HIPPA already has in place.

Few things are as personal, private, or important as medical records. Your Texas organization must know how to protect and secure sensitive medical information.

Texas House Bill 300 (TX HB 300) was signed by Texas Governor Rick Perry and took effect on September 1, 2012. Texas HB 300 revised and expanded the definition of a federal HIPAA covered entity in Texas. The Texas Health and Safety Code defines covered entities as any individual, business, or organization that:

  • Engages in the practice of assembling, collecting, analyzing, using, evaluating, storing or transmitting Protected Health Information (PHI).
  • Comes into possession of PHI.
  • Obtains or stores PHI.
  • Is an employee, agent, or contractor of a person or entity described above if they create, receive, obtain, maintain, use, or transmit PHI.

Some examples of a covered entity under Texas HB300 include: medical providers, hospitals, doctors, transportation, employees, churches, schools, labs, EMS/fire, imaging, accounting firms, disposal companies, and record storage.

Texas HB 300 requirements and penalties for covered entities include: (expansions of Tex. Health and Safety Code, §181.101)

  • Texas covered entities must now provide ongoing, customized training pertaining to PHI on both federal and state laws for employees within 60 days of hire and again at least once every two years.
  • Covered entities utilizing an electronic health records system must provide a record in electronic form to the patient within 15 business days of receiving a written request.
  • Covered entities must ensure that employees have a signed statement verifying that they were trained on HIPAA Privacy and Security. The covered entity must also maintain records of every employee’s HIPAA training.

Fines and Penalties: Texas civil penalties range from $5000 to $1.5 million for covered entities that wrongfully disclose Protected Healthcare Information (PHI). (Federal HIPAA Privacy and Security fines range from $100 to $1.5 million annually.)

Texas HB 300 can impose these fines in addition to any federal fines imposed by Health and Human Services. Negligence, intent, and evidence of frequency to constitute a pattern are all considered when assessing penalties.

Enforcement of TX HB 300: The Texas state Attorney General’s Office enforces TX HB 300. The Attorney General is required to maintain a website with information on consumer privacy rights, which state agencies regulate covered entities, information regarding each agency’s complaint enforcement process and their contact information. 

Breach Notifications: The new Texas law allows for civil penalties that can range from $5,000 to $1.5 million for data breaches. In addition to the increased civil penalties, a data breach may also be classified as a felony.

What makes HIPPA Training Solutions Different? 

  • Three online courses to meet your needs (Texas HB300, Advanced & Basic HIPAA Training)
  • Nurses and other professionals earn 2.9 Continuing Education Contact Hours
  • Designed by industry experts
  • Training on your schedule. Stop and start at your leisure.
  • Compatible with mobile devices
  • Text with optional narration
  • Meets NIST Guidelines
  • Immediate Certificate of Completion

HIPAA Training Solutions offers several courses to ensure a workforce stays compliant with the HIPAA and Texas H.B. 300 guidelines. Our courses focus on protecting and securing patient privacy and we commit to train those in contact with Protected Health Information (PHI). 

Michelle Bordovsky is the administrator of HIPAA Training Solutions and has been an educator for over 10 years. She has spent countless hours researching HIPAA privacy and security rules by consulting with The Office for Civil Rights, interviewing HIPAA compliance officers and other HIPAA experts. She is committed to producing quality online courses to train the workforce in securing sensitive patient information and providing learners with excellent customer service.