Texas legislators have made the state one of a handful offering physicians liability protection when using electronic health records and participating in a Health Information Exchange (HIE).
While the expanding role of health information technology brings value through increased sharing of patient data and better care coordination, its growth also brings liability concerns to providers as cyber criminals expand their activities by targeting sensitive patient information. According to the Identity Theft Resource Center (ITRC), more than 169 million personal records were compromised in 2015 as a result of reported data breaches. While the breaches occurred across a range of industries from financial to education and the government, the ITRC reports that more than 67 percent or 112,832,082 of the compromised records came from the medical and healthcare industry.
In response, legislators adopted House Bill 2641 during the 2015 legislative session providing protections for health care providers if they participate in an HIE. The new law, which received overwhelming bipartisan support in both the Texas House of Representatives and Senate, states that unless a health care provider acts with intent or gross negligence in providing patient information to a health information exchange or another provider, the provider is not liable for any damages, penalties, or other relief related to the obtainment, use, or disclosure of the patient information by a health information exchange, another health care provider, or any other person that is in violation of federal or state law.
The new law does not affect a provider’s responsibilities to comply with state and federal privacy laws nor does it relieve them of their notification requirements should they be involved in a data breach, but it does put in place strong protection for providers participating in an HIE.
The adoption of HB 2641 reinforces the state’s ongoing commitment to foster the use and exchange of electronic health records to improve the quality, efficiency and safety of health care in Texas. In 2011, legislation was adopted which resulted in the creation of the SECURETexas program which allows its certification to be used as a mitigating factor for any civil or administrative penalties resulting from violations of the Texas Medical Records Privacy Act by individuals or organizations that use, store and/or exchange patient health information. You can learn more about the SECURETexas program by visiting: http://securetexas.org/.