Lynn Sessions writes:
Texas Governor Rick Perry just signed a law protecting patients’ data in electronic health records and increasing penalties for violation of the health care privacy laws. In what was a heated legislative session, this bill passed both houses without opposition, signaling widespread support for a stronger stance on protecting patients’ health information. The new law becomes effective September 1, 2012.
The law requires compliance with HIPAA but increases penalties:
Most notably, the law substantially increases penalties for privacy violations from $2,500 per violation, to up to $5,000 per negligent violation, up to $25,000 per knowing or intentional violation, and up to $250,000 penalties if the disclosure is for financial gain. For repeat offenders, the maximum penalty is increased to $1.5 million. A health care provider’s professional or institutional license may also be revoked for repeated violations under the new law. With a single disclosure, a covered entity with Texas patients is potentially subject to substantial state and federal penalties depending on the violation.
Read more on Data Privacy Monitor. The law also grants the state the power to audit for compliance and imposes new obligations on the state.