89R3601 LRM-F
By: Hancock S.B. No. 1235
A BILL TO BE ENTITLED
AN ACT
relating to a patient's access to health records and access to and
exchange of certain health benefit plan information; authorizing a
civil penalty; authorizing fees.
BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:
SECTION 1. Section 15.05, Business & Commerce Code, is
amended by adding Subsection (a-1) to read as follows:
(a-1) It is unlawful for a person to place a restraint on
trade or commerce by intentionally violating federal laws
regulating information blocking, as that term is defined by 45
C.F.R. Section 171.103.
SECTION 2. Section 181.001(b), Health and Safety Code, is
amended by adding Subdivision (3-a) to read as follows:
(3-a) "Information blocking" has the meaning assigned
by 45 C.F.R. Section 171.103.
SECTION 3. Section 181.004(a), Health and Safety Code, is
amended to read as follows:
(a) A covered entity, as that term is defined by 45 C.F.R.
Section 160.103, shall comply with:
(1) the Health Insurance Portability and
Accountability Act and Privacy Standards; and
(2) federal laws regulating information blocking.
SECTION 4. Section 181.102, Health and Safety Code, is
amended to read as follows:
Sec. 181.102. CONSUMER ACCESS TO [ELECTRONIC] HEALTH
RECORDS. (a) Subject to the payment of fees required under this
section, a patient or the patient's legally authorized
representative on request is entitled to copies of the patient's
physical or electronic health records.
(b) Except as provided by Subsection (d) [(b)], if a health
care provider is using an electronic health records system that is
capable of fulfilling the request, the health care provider, as
soon as practicable but not later than the 15th business day after
the date the health care provider receives a written request from a
person for the person's electronic health record, shall provide the
requested record to the person in electronic form unless the person
agrees to accept the record in another form.
(c) Except as provided by Subsection (d) and Section
181.105, a health care provider's violation of federal laws
regulating information blocking constitutes a violation of this
section.
(d) [(b)] A health care provider is not required to provide
access to a person's protected health information that is excepted
from access, or to which access may be denied, under 45 C.F.R.
Section 164.524.
(e) [(c)] For purposes of this section [Subsection (a)],
the executive commissioner, in consultation with the department,
the Texas Medical Board, and the Texas Department of Insurance, by
rule may recommend a standard electronic format for the release of
requested health records. The standard electronic format
recommended under this section must be consistent, if feasible,
with federal law regarding the release of electronic health
records.
(f) A covered entity that receives a request from a patient
or the patient's legally authorized representative for a copy of
the patient's health records may charge a fee to produce those
records in an amount consistent with the requirements under 45
C.F.R. Section 164.524, except a covered entity may not charge an
aggregate amount that exceeds $100 to produce the records if:
(1) the patient is a Medicaid recipient; or
(2) the patient's household income is at or below 200
percent of the federal poverty level.
(g) A covered entity shall post in a conspicuous location
for patients requesting health records notice of the option to
obtain a copy of the patient's health records under Subsection (f).
(h) A covered entity may require a patient or the patient's
legally authorized representative to submit a written or electronic
request for copies of the patient's health records but may not
require a patient or the patient's legally authorized
representative to submit a request by facsimile.
(i) Unless explicitly authorized by state or federal law, a
covered entity may not enter into a contract with terms restricting
a patient or the patient's legally authorized representative from
accessing the patient's health records. Any contract clause or
provision that restricts a patient or the patient's legally
authorized representative from accessing the patient's health
records is unenforceable.
SECTION 5. Subchapter C, Chapter 181, Health and Safety
Code, is amended by adding Section 181.105 to read as follows:
Sec. 181.105. DISCLOSURE OF SENSITIVE TEST RESULT. (a) In
this section, "sensitive test result" means a:
(1) pathology or radiology report reasonably likely to
show a malignancy;
(2) test result revealing a genetic marker;
(3) positive test for the human immunodeficiency virus
if the patient has not been previously informed of a positive test
result for the virus; or
(4) result showing a presence of antigens indicating a
hepatitis infection.
(b) A health care provider may not electronically disclose a
sensitive test result to a patient before the third day after the
date the results are finalized unless the provider directs the
release of the results before that date.
SECTION 6. Section 181.201, Health and Safety Code, is
amended by amending Subsections (b) and (d) and adding Subsections
(g) and (h) to read as follows:
(b) In addition to the injunctive relief provided by
Subsection (a), the attorney general may institute an action for
civil penalties against a covered entity for a violation of this
chapter, other than a violation of Section 181.102. A civil
penalty assessed under this section may not exceed:
(1) $5,000 for each violation that occurs in one year,
regardless of how long the violation continues during that year,
committed negligently;
(2) $25,000 for each violation that occurs in one
year, regardless of how long the violation continues during that
year, committed knowingly or intentionally; or
(3) $250,000 for each violation in which the covered
entity knowingly or intentionally used protected health
information for financial gain.
(d) In determining the amount of a penalty imposed under
Subsections [Subsection] (b) and (g), the court shall consider:
(1) the seriousness of the violation, including the
nature, circumstances, extent, and gravity of the disclosure or
information blocking;
(2) the covered entity's compliance history;
(3) whether the violation poses a significant risk of
financial, reputational, or other harm to an individual whose
protected health information is involved in the violation;
(4) whether the covered entity was certified at the
time of the violation as described by Section 182.108;
(5) the amount necessary to deter a future violation;
[and]
(6) the covered entity's efforts to correct the
violation;
(7) the size and geographic location of the covered
entity; and
(8) the financial impact of the penalty on the covered
entity's financial viability and ability to adequately serve an
underserved community or population.
(g) In addition to the injunctive relief provided by
Subsection (a), the attorney general may institute an action for
civil penalties against a covered entity for a violation of Section
181.102. A civil penalty assessed under this subsection may not
exceed:
(1) $10,000 for each negligent violation, regardless
of the time the violation continues during any year; or
(2) $250,000 for each intentional violation committed
for the purpose of financial gain, regardless of the time the
violation continues during any year.
(h) If the court in a pending action under Subsection (g)
finds the violations occurred with a frequency constituting a
pattern or practice, the court may assess additional civil
penalties for each violation.
SECTION 7. Section 241.154(b), Health and Safety Code, is
amended to read as follows:
(b) Except as provided by Subsection (d), the hospital or
its agent may charge a reasonable fee for providing the health care
information except payment information and is not required to
permit the examination, copying, or release of the information
requested until the fee is paid unless there is a medical
emergency. The fee may not exceed the aggregate amount specified
under Section 181.102(f) and [sum of:
[(1) a basic retrieval or processing fee, which must
include the fee for providing the first 10 pages of the copies and
which may not exceed $30; and
[(A) a charge for each page of:
[(i) $1 for the 11th through the 60th page
of the provided copies;
[(ii) 50 cents for the 61st through the
400th page of the provided copies; and
[(iii) 25 cents for any remaining pages of
the provided copies; and
[(B) the actual cost of mailing, shipping, or
otherwise delivering the provided copies;
[(2) if the requested records are stored on microform,
a retrieval or processing fee, which must include the fee for
providing the first 10 pages of the copies and which may not exceed
$45; and
[(A) $1 per page thereafter; and
[(B) the actual cost of mailing, shipping, or
otherwise delivering the provided copies; or
[(3) if the requested records are provided on a
digital or other electronic medium and the requesting party
requests delivery in a digital or electronic medium, including
electronic mail:
[(A) a retrieval or processing fee, which may not
exceed $75; and
[(B)] the actual cost of mailing, shipping, or
otherwise delivering the provided copies.
SECTION 8. Subtitle A, Title 8, Insurance Code, is amended
by adding Chapter 1212 to read as follows:
CHAPTER 1212. ELECTRONIC ACCESS TO AND EXCHANGE OF CERTAIN HEALTH
BENEFIT PLAN INFORMATION
Sec. 1212.001. APPLICABILITY OF CHAPTER. (a) This chapter
applies only to a health benefit plan that provides benefits for
medical or surgical expenses incurred as a result of a health
condition, accident, or sickness, including an individual, group,
blanket, or franchise insurance policy or insurance agreement, a
group hospital service contract, or an individual or group evidence
of coverage or similar coverage document that is issued by:
(1) an insurance company;
(2) a group hospital service corporation operating
under Chapter 842;
(3) a health maintenance organization operating under
Chapter 843;
(4) an approved nonprofit health corporation that
holds a certificate of authority under Chapter 844;
(5) a multiple employer welfare arrangement that holds
a certificate of authority under Chapter 846;
(6) a stipulated premium company operating under
Chapter 884;
(7) a fraternal benefit society operating under
Chapter 885;
(8) a Lloyd's plan operating under Chapter 941; or
(9) an exchange operating under Chapter 942.
(b) Notwithstanding any other law, this chapter applies to:
(1) a basic coverage plan under Chapter 1551;
(2) a basic plan under Chapter 1575;
(3) a primary care coverage plan under Chapter 1579;
and
(4) a plan providing basic coverage under Chapter
1601.
Sec. 1212.002. CONSTRUCTION OF CHAPTER. This chapter may
not be construed to limit the requirements of Chapter 181, Health
and Safety Code.
Sec. 1212.003. RULEMAKING. The commissioner may adopt
rules necessary to implement this chapter.
Sec. 1212.004. REQUIRED APPLICATION PROGRAMMING
INTERFACES. (a) To facilitate patient and health care provider
access to health information, a health benefit plan issuer shall
establish and maintain the following application programming
interfaces for the benefit of all enrollees and contracted health
care providers, as applicable, as if the issuer were a Medicare
advantage organization:
(1) a patient access interface described by 42 C.F.R.
Sections 422.119(a)-(e);
(2) a provider directory interface described by 42
C.F.R. Section 422.120; and
(3) a payer-to-payer data exchange interface
described by 42 C.F.R. Section 422.121(b).
(b) In addition to the application programming interfaces
described by Subsection (a) and subject to Subsection (c), the
commissioner by rule may require a health benefit plan issuer to
establish and maintain the following application programming
interfaces after the date final rules associated with the
interfaces are published by the federal Centers for Medicare and
Medicaid Services:
(1) a provider access interface; and
(2) a prior authorization support interface.
(c) In implementing the requirements described by
Subsection (b), the commissioner shall adopt rules that conform to:
(1) any associated standard published in a final rule
issued by the Centers for Medicare and Medicaid Services; and
(2) federal effective dates, including enforcement
delays and suspension, issued by the Centers for Medicare and
Medicaid Services.
SECTION 9. If any provision of this Act or its application
to any person or circumstance is held invalid, the invalidity does
not affect other provisions or applications of this Act which can be
given effect without the invalid provision or application, and to
this end the provisions of this Act are severable.
SECTION 10. (a) The changes in law made by this Act to the
Business & Commerce Code and the Health and Safety Code apply only
to a violation of law that occurs on or after the effective date of
this Act. A violation that occurs before the effective date of this
Act is governed by the law in effect on the date the violation
occurred, and the former law is continued in effect for that
purpose. For purposes of this section, a violation of law occurred
before the effective date of this Act if any element of the
violation occurred before that date.
(b) Chapter 1212, Insurance Code, as added by this Act,
applies only to a health benefit plan delivered, issued for
delivery, or renewed on or after January 1, 2026.
SECTION 11. This Act takes effect September 1, 2025.