88R12984 JG-D
By: Vasut H.B. No. 4589
A BILL TO BE ENTITLED
AN ACT
relating to restrictions on the use of digital identification
systems for patient health care records.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Subtitle I, Title 2, Health and Safety Code, is
amended by adding Chapter 183 to read as follows:
CHAPTER 183. DIGITAL IDENTIFICATION SYSTEMS FOR HEALTH CARE
RECORDS
Sec. 183.001. DEFINITIONS. In this chapter:
(1) "Covered entity" has the meaning assigned by
Section 181.001.
(2) "Digital identification system" means an
electronic system that uses digital technology throughout the
process of identifying an individual, including:
(A) data capture, validation, storage, and
transfer;
(B) credential management; and
(C) identity verification and authentication.
(3) "Health care provider" means a person who is
licensed, certified, or otherwise authorized to provide or render
health care in this state in the ordinary course of business or
practice of a profession.
Sec. 183.002. CONSENT REQUIREMENT FOR USE OF DIGITAL
IDENTIFICATION SYSTEMS. (a) Unless a covered entity or health care
provider obtains a patient's written informed consent, the entity
or provider may not:
(1) use a digital identification system, including a
system created or operated by this state, to store a patient's
health care records, including genetic or biological information;
or
(2) require the use of a digital identification system
for a patient to access the patient's health care records.
(b) A health care provider may not coerce a patient to
consent to the use of a digital identification system, including by
requiring consent as a condition of receiving health care services
or treatment from the provider.
Sec. 183.003. COMMERCIAL USE PROHIBITED WITHOUT
COMPENSATION. A covered entity or health care provider who obtains
a patient's written informed consent under Section 183.002 may not
use the patient's health care records for commercial gain in any
manner unless the entity or provider provides reasonable
compensation to the patient.
Sec. 183.004. CONFIDENTIALITY. (a) A covered entity or
health care provider who obtains a patient's written informed
consent under Section 183.002 shall ensure the patient's health
care records are kept confidential in accordance with applicable
state and federal law.
(b) A covered entity or health care provider shall ensure
that a patient's health care records do not include identifying
information when the entity or provider shares the records in
accordance with the patient's written informed consent provided
under Section 183.002.
Sec. 183.005. ENFORCEMENT. A violation of this chapter by a
covered entity or health care provider constitutes a violation of
Chapter 181 and the entity or provider is subject to enforcement
actions under Subchapter E of that chapter, including disciplinary
action by the appropriate licensing authority.
Sec. 183.006. RULES. The executive commissioner shall
adopt rules to implement this chapter.
SECTION 2. Chapter 183, Health and Safety Code, as added by
this Act, applies only to the use of a digital identification system
that occurs on or after the effective date of this Act.
SECTION 3. This Act takes effect September 1, 2023.