84R7121 SCL-F
By: Zerwas H.B. No. 1319
A BILL TO BE ENTITLED
AN ACT
relating to use of health information technology in this state;
creating a criminal offense.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Title 4, Civil Practice and Remedies Code, is
amended by adding Chapter 74A to read as follows:
CHAPTER 74A. LIMITATION OF LIABILITY RELATING TO HEALTH
INFORMATION EXCHANGES
Sec. 74A.001. DEFINITIONS. In this chapter:
(1) "Health care provider" means any individual,
partnership, professional association, corporation, facility, or
institution duly licensed, certified, registered, or chartered by
this state to provide health care or medical care, including a
physician. The term includes:
(A) an officer, director, shareholder, member,
partner, manager, owner, or affiliate of a physician or other
health care provider; and
(B) an employee, independent contractor, or
agent of a physician or other health care provider acting in the
course and scope of the employment or contractual relationship.
(2) "Health information exchange" has the meaning
assigned by Section 182.151, Health and Safety Code. The term
includes:
(A) an officer, director, shareholder, member,
partner, manager, owner, or affiliate of the health information
exchange; and
(B) an employee, independent contractor, or
agent of the health information exchange acting in the course and
scope of the employment or contractual relationship.
(3) "Physician" means:
(A) an individual licensed to practice medicine
in this state under Subtitle B, Title 3, Occupations Code;
(B) a professional association organized by an
individual physician or a group of physicians;
(C) a partnership or limited liability
partnership formed by a group of physicians;
(D) a limited liability company formed by a group
of physicians;
(E) a nonprofit health corporation certified by
the Texas Medical Board under Chapter 162, Occupations Code; or
(F) a single legal entity authorized to practice
medicine in this state owned by a group of physicians.
Sec. 74A.002. LIMITATION ON LIABILITY OF HEALTH CARE
PROVIDERS RELATING TO HEALTH INFORMATION EXCHANGES. (a) The use
of, failure to use, or existence of a health information exchange
does not establish a standard of care applicable to a health care
provider for obtaining, using, or disclosing patient information.
(b) Unless a health care provider acts with intent or gross
negligence, the health care provider is not liable for any damages,
penalties, or other relief related to:
(1) the health care provider's or another health care
provider's obtainment of or failure to obtain patient information
from a health information exchange;
(2) the health care provider's or another health care
provider's disclosure of or failure to disclose patient information
to a health information exchange;
(3) the health care provider's or another health care
provider's reliance on inaccurate patient information obtained
from or disclosed by a health information exchange; or
(4) the obtainment, use, or disclosure by a health
information exchange, another health care provider, or any other
person, in violation of federal or state law, of any patient
information that the health care provider provided to a health
information exchange or to another health care provider in
compliance with the Health Insurance Portability and
Accountability Act of 1996 (42 U.S.C. Section 1320d et seq.) and
other applicable federal and state law.
(c) Nothing in this section may be construed to create a
cause of action or to create a standard of care, obligation, or duty
that provides a basis for a cause of action.
Sec. 74A.003. LIMITATION ON LIABILITY OF HEALTH INFORMATION
EXCHANGES. (a) Unless a health information exchange acts with
intent or gross negligence, the health information exchange is not
liable for any damages, penalties, or other relief related to:
(1) a health care provider's obtainment of or failure
to obtain patient information from the health information exchange;
(2) a health care provider's disclosure of or failure
to disclose patient information to the health information exchange;
(3) a health care provider's reliance on inaccurate
patient information obtained from or disclosed by the health
information exchange; or
(4) the obtainment, use, or disclosure by a health
care provider or any other person, in violation of federal or state
law, of any patient information that was provided to the person by
the health information exchange in compliance with:
(A) the Health Insurance Portability and
Accountability Act of 1996 (42 U.S.C. Section 1320d et seq.) and
other applicable federal and state law; and
(B) the health information exchange's policies.
(b) Nothing in this section may be construed to create a
cause of action or to create a standard of care, obligation, or duty
that provides a basis for a cause of action.
SECTION 2. Section 531.0162, Government Code, is amended by
adding Subsections (e) and (f) to read as follows:
(e) The executive commissioner shall ensure that:
(1) all information systems available for use by the
commission or a health and human services agency in sending
protected health information to a health care provider or receiving
protected health information from a health care provider, and for
which planning or procurement begins on or after September 1, 2015,
are capable of sending or receiving that information in accordance
with the applicable data exchange standards developed by the
appropriate standards development organization accredited by the
American National Standards Institute;
(2) if national data exchange standards do not exist
for a system described by Subdivision (1), the commission makes
every effort to ensure the system is interoperable with the
national standards for electronic health record systems; and
(3) the commission and each health and human services
agency establish an interoperability standards plan for all
information systems that exchange protected health information
with health care providers.
(f) Not later than December 1 of each even-numbered year,
the executive commissioner shall report to the governor and the
Legislative Budget Board on the commission's and the health and
human services agencies' progress in ensuring that the information
systems described in Subsection (e) are interoperable with one
another and meet the appropriate standards specified by that
subsection.
SECTION 3. Section 81.044(a), Health and Safety Code, is
amended to read as follows:
(a) The board shall prescribe the form and method of
reporting under this chapter, which may be in writing, by
telephone, by electronic data transmission, through a health
information exchange as defined by Section 182.151 if requested and
authorized by the person required to report, or by other means.
SECTION 4. Section 82.008(a), Health and Safety Code, is
amended to read as follows:
(a) To ensure an accurate and continuing source of data
concerning cancer, each health care facility, clinical laboratory,
and health care practitioner shall furnish to the department [board
or its representative], on request, data the board considers
necessary and appropriate that is derived from each medical record
pertaining to a case of cancer that is in the custody or under the
control of the health care facility, clinical laboratory, or health
care practitioner. The department may not request data that is more
than three years old unless the department is investigating a
possible cancer cluster. At the request and with the authorization
of the applicable health care facility, clinical laboratory, or
health care practitioner, data may be furnished to the department
through a health information exchange as defined by Section
182.151.
SECTION 5. Section 161.007(d), Health and Safety Code, is
amended to read as follows:
(d) A health care provider who administers an immunization
to an individual younger than 18 years of age shall provide data
elements regarding an immunization to the department. A health
care provider who administers an immunization to an individual 18
years of age or older may submit data elements regarding an
immunization to the department. At the request and with the
authorization of the health care provider, the data elements may be
provided through a health information exchange as defined by
Section 182.151. The data elements shall be submitted in a format
prescribed by the department. The department shall verify consent
before including the information in the immunization
registry. The department may not retain individually identifiable
information about an individual for whom consent cannot be
verified.
SECTION 6. Section 161.00705(a), Health and Safety Code, is
amended to read as follows:
(a) The department shall maintain a registry of persons who
receive an immunization, antiviral, and other medication
administered to prepare for a potential disaster, public health
emergency, terrorist attack, hostile military or paramilitary
action, or extraordinary law enforcement emergency or in response
to a declared disaster, public health emergency, terrorist attack,
hostile military or paramilitary action, or extraordinary law
enforcement emergency. A health care provider who administers an
immunization, antiviral, or other medication shall provide the data
elements to the department. At the request and with the
authorization of the health care provider, the data elements may be
provided through a health information exchange as defined by
Section 182.151.
SECTION 7. Section 161.00706(b), Health and Safety Code, is
amended to read as follows:
(b) A health care provider, on receipt of a request under
Subsection (a)(1), shall submit the data elements to the department
in a format prescribed by the department. At the request and with
the authorization of the health care provider, the data elements
may be submitted through a health information exchange as defined
by Section 182.151. The department shall verify the person's
request before including the information in the immunization
registry.
SECTION 8. Chapter 182, Health and Safety Code, is amended
by adding Subchapter D to read as follows:
SUBCHAPTER D. HEALTH INFORMATION EXCHANGES
Sec. 182.151. DEFINITION. In this subchapter, "health
information exchange" means an organization that:
(1) assists in the transmission or receipt of
health-related information among organizations transmitting or
receiving the information according to nationally recognized
standards and under an express written agreement with the
organizations;
(2) as a primary business function, compiles or
organizes health-related information designed to be securely
transmitted by the organization among physicians, other health care
providers, or entities within a region, state, community, or
hospital system; or
(3) assists in the transmission or receipt of
electronic health-related information among physicians, other
health care providers, or entities within:
(A) a hospital system;
(B) a physician organization;
(C) a health care collaborative, as defined by
Section 848.001, Insurance Code;
(D) a Pioneer Model accountable care
organization established under the initiative by the Centers for
Medicare and Medicaid Services Innovation Center; or
(E) an accountable care organization
participating in the Medicare Shared Savings Program under 42
U.S.C. Section 1395jjj.
Sec. 182.152. AUTHORITY OF HEALTH INFORMATION EXCHANGE.
(a) Notwithstanding Sections 81.046, 82.009, and 161.0073, a health
information exchange may access and transmit health-related
information under Sections 81.044(a), 82.008(a), 161.007(d),
161.00705(a), and 161.00706(b) if the access or transmittal is:
(1) made for the purpose of assisting in the reporting
of health-related information to the appropriate agency;
(2) requested and authorized by the appropriate health
care provider, practitioner, physician, facility, clinical
laboratory, or other person who is required to report
health-related information; and
(3) made in accordance with the requirements of this
subchapter and all other state and federal law.
(b) A health information exchange may only use and disclose
the information that it accesses or transmits under Subsection (a)
in compliance with this subchapter and all applicable state and
federal law, and may not exchange, sell, trade, or otherwise make
any prohibited use or disclosure of the information.
Sec. 182.153. COMPLIANCE WITH LAW; SECURITY. A health
information exchange that collects, transmits, disseminates,
accesses, or reports health-related information under this
subchapter shall comply with all applicable state and federal law,
including secure electronic data submission requirements.
Sec. 182.154. CRIMINAL PENALTY. (a) A person who collects,
transmits, disseminates, accesses, or reports information under
this subchapter on behalf of or as a health information exchange
commits an offense if the person, with the intent to violate this
subchapter, allows health-related information in the possession of
a health information exchange to be used or disclosed in a manner
that violates this subchapter.
(b) An offense under this section is a Class A misdemeanor.
SECTION 9. Chapter 74A, Civil Practice and Remedies Code,
as added by this Act, applies only to a cause of action that accrues
on or after the effective date of this Act. A cause of action that
accrues before the effective date of this Act is governed by the law
in effect immediately before the effective date of this Act, and
that law is continued in effect for that purpose.
SECTION 10. This Act takes effect September 1, 2015.