SECTION 390.2. Standards


Latest version.
  • (a) A covered entity that electronically exchanges, uses, or discloses PHI, at a minimum, must comply with the following standards for confidential information in any form, to the extent applicable:

    (1) HIPAA Privacy, Security and Breach Notification Regulations;

    (2) the Texas Medical Records Privacy Act, Chapter 181 of the Texas Health and Safety Code;

    (3) the Texas Identity Theft Act, Chapter 521 of the Texas Business and Commerce Code; and

    (4) any other applicable state or federal law or regulation that requires that confidential information be safeguarded, used, or disclosed only for authorized purposes by authorized users, including without limitation:

    (A) requirements applicable to the following specific types of data:

    (i) Cancer: Texas Health and Safety Code §82.008 and §82.009; Title 25 Texas Administrative Code (TAC) §91.9 (relating to Confidentiality and Disclosure);

    (ii) HIV/AIDS: Texas Health and Safety Code §81.103, HIV/AIDS Test Results, and 40 TAC §8.288 (relating to Confidentiality of Test Results);

    (iii) Genetic: Genetic Information Nondiscrimination Act of 2008 (GINA) Pub. L. No. 110-233 and applicable regulations promulgated under that act; Texas Insurance Code, Chapter 546, Subchapter C; Texas Labor Code §21.403 and §21.404; Texas Occupations Code, Chapter 58;

    (iv) Sexual assault: Texas Health and Safety Code, Chapter, 44, Subchapter C;

    (v) Communicable diseases: Texas Health and Safety Code §81.046; 25 TAC §97.10 (relating to Confidential Nature of Case Reporting and Records);

    (vi) Mental health: Texas Health and Safety Code, Chapter 611, Mental Health Records/Substance Abuse Records;

    (vii) Substance abuse or substance use disorder: 42 CFR Part 2, Confidentiality of Alcohol and Drug Abuse Patient Records; Texas Health and Safety Code, Chapter 611, Mental Health Records/Substance Abuse Records;

    (viii) Immunizations: Texas Health and Safety Code §161.0073 and §161.009; 25 TAC §100.2 (relating to Confidentiality);

    (ix) Bureau of Vital Statistics: Texas Government Code §552.115; Texas Health and Safety Code Chapters 192 and 193, §195.005; 25 TAC Chapter 181 (relating to Vital Statistics);

    (x) Reports of abuse or neglect: Texas Human Resources Code, Chapter 48, Report of Abuse or Neglect of Elderly or Disabled Persons; Texas Health and Safety Code §161.132; Family Code Chapter 261, Reports of Child Abuse;

    (xi) Federal tax information: Internal Revenue Code, Title 26, 26 U.S.C. §6103; IRS Publication 1075;

    (xii) Social Security Administration data: 42 U.S.C. §1306, 20 CFR Part 401;

    (xiii) Occupational diseases: Texas Health and Safety Code §84.006; 25 TAC §99.1 (relating to General Provisions);

    (xiv) Family planning: 25 TAC §56.11 (relating to Confidentiality); and

    (xv) Recipients of government benefits: requirements for use of disclosure of client information about or concerning recipients of government benefits such as Medicaid, the Supplemental Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families (TANF), or the Children's Health Insurance Program (CHIP), by HHSC or its designee(s), third party, or business associate: 7 CFR §272 (SNAP); 45 CFR §205.50 (TANF); 42 CFR §§431.300 et seq. (Medicaid); 42 CFR §457.1110 (CHIP);

    (B) requirements applicable to data held by the following specific types of providers, facilities, and services:

    (i) Hospitals: Texas Health and Safety Code, Chapter 241, Subchapter G, Hospital Disclosures of Health Care Information; 25 TAC §133.42 (relating to Patient Rights);

    (ii) Nursing facilities: Texas Health and Safety Code, Chapter 242, §242.134 and §242.501(8), Nursing Home Resident Rights; 40 TAC §19.407 (relating to Privacy and Confidentiality);

    (iii) Intermediate care facilities for persons with an intellectual disability or related conditions (ICF/IID): Texas Health and Safety Code, Chapter 252, §252.126 and §252.134;

    (iv) Freestanding emergency medical care facilities: Texas Health and Safety Code Chapter 254; 25 TAC §131.53 (relating to Medical Records);

    (v) Ambulatory surgical centers: Texas Health and Safety Code, Chapter 243, 25 TAC §135.5 (relating to Patient Rights);

    (vi) Emergency medical services: Texas Health and Safety Code, Chapter 773, §§773.079 - 773.096; 25 TAC §157.11 (relating to Requirements for an EMS Provider License);

    (vii) Physicians: Texas Occupations Code, Chapter 159, Physician-Patient Communication;

    (viii) Chiropractors: Texas Occupations Code §§201.402 - 201.405, Chiropractor-Patient Confidentiality;

    (ix) Dentists: Texas Occupations Code §§258.051 et seq., Dental-Patient Confidentiality;

    (x) Labs: Clinical Laboratory Improvement Amendments (CLIA) (1988); 42 CFR §493.1291;

    (xi) Pharmacists: Texas Occupations Code, Chapter 562, §562.052, Confidential Records of Pharmacists;

    (xii) Podiatrists: Texas Occupations Code, Chapter 202, Subchapter I, §§202.401 et seq., Podiatrist Privilege and Confidentiality;

    (xiii) Personal health record vendors: Health Breach Notification Rule for Vendors of Personal Health Records, 16 CFR Part 318;

    (xiv) End stage renal disease facilities: Texas Health and Safety Code §251.011; 25 TAC §117.42 (relating to Patient Rights);

    (xv) Special care facilities (AIDS): 25 TAC §125.33 (relating to Resident Rights);

    (xvi) Private psychiatric hospitals and crisis stabilization units: Texas Health and Safety Code §577.013: 25 TAC Chapter 134 (relating to Private Psychiatric Hospitals and Crisis Stabilization Units);

    (xvii) Birthing centers: 25 TAC §137.53 (relating to Clinical Records);

    (xviii) Applicable health professions regulated by 25 TAC Chapter 140 (relating to Health Professions Regulation) confidentiality requirements under 25 TAC Chapter 140 or other applicable law for, such as:

    (I) licensed chemical dependency counselors and treatment facilities, Texas Occupations Code §504.251; 25 TAC §140.424 (relating to Standards for Private Practice); Texas Health and Safety Code, Chapter 464; 25 TAC Chapter 448 (relating to Standard of Care);

    (II) medical radiologic technologists, 25 TAC §140.514 (relating to Disciplinary Actions);

    (III) dyslexia therapists and dyslexia practitioners, 25 TAC §140.586 (relating to Code of Ethics; Duties and Responsibilities of License Holders); and

    (IV) promotores or community health workers: 25 TAC §146.11 (relating to Professional and Ethical Standards); and

    (C) requirements applicable to data about the following specific types of individuals:

    (i) Minors: Texas Family Code §§32.003, 32.004, 151.003, 153.073, 153.074, and 153.132; Texas Occupations Code §159.005; Texas Civil Practice and Remedies Code §129.001;

    (ii) Children with Special Health Care Needs Services Program: 25 TAC §38.5 (relating to Rights and Responsibilities of a Client's Parents, Foster Parents, Guardian, or Managing Conservator, or an Adult Client); and

    (iii) Early and Periodic Screening, Diagnosis, and Treatment: 25 TAC §33.30 (relating to Confidentiality of Records).

    (b) These standards do not apply to de-identified information.

Source Note: The provisions of this §390.2 adopted to be effective January 27, 2013, 38 TexReg 291