John K. Wisniewski, the CEO/executive director of the Bexar County Medical Society, is not happy with Texas’s new law (HB 300) that goes into effect this month. The law goes beyond what HIPAA requires:
The changes begin with a broadened definition of “covered entities,” to include almost anyone who handles protected health information. This may include business associates, healthcare payers, government units, schools, healthcare facilities, providers, researchers and physicians.
Covered entities are allowed to transmit protected health information for treatment, payment, health plan operations and insurance functions, and patients must be informed — through prominently displayed notices in public areas — that this disclosure may occur for authorized purposes. Other uses will require patient authorization.
Patient requests for their electronic health records must be fulfilled within 15 business days of a written query, just as physicians have been required to do for paper records under state law, compared to the 30 days allowed under HIPAA.
Health care workers also face stricter training requirements regarding privacy issues, and penalties for violations will be ramped up significantly under the new law.
Read more on My San Antonio.