HipAa And Privacy Information

This section of our website is in development. We apologize for the inconvenience. This is due to the changes which are taking place in the Texas State Legislature.

State and Federal Privacy Laws

  • Texas Medical Records Act, Texas Health & Safety Code, Chapter 181 (HB 300)
  • The Identity Theft Enforcement & Protection Act, Texas Business & Commerce Code, Chapter 551
  • Texas Dental Practice Act, Texas Occupations Code, Ch 258.101, Subchapter C
  • HIPAA: Privacy, Security, and HITECH Acts


  • HIPAA – Health Insurance Portability and Accountability Act of 1996
  • HITECH – Health Information Technology for Economic and Clinical Health, part of the American Recovery and Reinvestment Act (ARRA) of 2009.
  • HHS Office of Civil Rights (OCR) Responsible for federal HIPAA enforcement.
  • Covered entity – In Texas, any person who assembles, collects, analyzes, uses, evaluates, stores or transmits protected health information.
  • Protected Health Information (PHI) – Any information that identifies a patient, dental record and payment info.
  • Disclosure – To release, transfer, provide access to or otherwise divulge information outside the office
  • TPO – Treatment, Payment, Health Care Operations
  • Privacy/Security Officer – The Officer responsible for developing & implementing privacy/security policies, procedures, & training. Also receives complaints.
  • Risk Analysis – Evaluation of the likelihood and impact of potential risks to electronic PHI.
  • Business Associate – Usually works on behalf of, or provide services to, a covered entity. Performs functions that involve the use or disclosure of PHI. HITECH requires business associate contracts.

Protected Health Information

Any of the following which may be connected to patient health information:

  • Names
  • Telephone Numbers
  • FAX Numbers
  • Email Addresses
  • Social Security Numbers
  • Medical record Numbers
  • Health Plan Beneficiary Numbers
  • Account Numbers
  • Certificate/License Numbers
  • Full Face Photos and Comparable Images

Employee training on state and federal privacy laws

  • 15 days to provide an electronic health record to a patient (rather than 30 days in federal law)
  • No sale of protected health information except to another covered entity for TPO

Posted notice of potential electronic disclosure of PHI

  • Requires oral or written authorization for each disclosure for reasons other than TPO
  • Requires the attorney general’s office to create a standard authorization form by January 2013
  • Increases civil penalties for violations.

More Information on HIPAA

Information from the Department of Health and Human Services:

You can find the Health Insurance Portability and Accountability Act of 1996 at the Link Below

Health Insurance Portability and Accountability Act