TMA Testifies on Patient Privacy Protections

Testimony: House Bill 300 by Representative Lois Kolkhorst (R-Brenham)

By: Bruce Malone, MD
March 16, 2011

House Committee on Public Health  

Good afternoon, Madame Chair and members of the Committee.  My name is Bruce Malone, MD, and I am a board-certified orthopedic surgeon in private practice in Austin, and president-elect of the Texas Medical Association (TMA).  Today, I am here representing the 45,000 physician members of TMA.  

As a citizen, I cannot think of anything that should be more private than my personal health information.   

As a physician, I cannot provide the best treatment to my patients unless they share with me all of their medical history.  That can include “sensitive health information” such as HIV, sexually transmitted diseases, mental health, drug and alcohol abuse, and domestic violence.  My patients share that information with me expecting that I will respect their privacy to the utmost.  

TMA is a strong proponent of protecting the privacy of Texas patients.  We were prepared to register in support of House Bill 300 by Chair Kolkhorst today.  And, I am confident that we can get there.  However, after reviewing the substitute draft of this bill last night, we still have a few concerns, which I will outline in a few minutes.  

First, I want to explain the principles for protection of medical record privacy that TMA adheres to when developing our statutory policy:   

  • Protections for the handling and transmission of medical information should apply to any entity in possession of or with access to such information regardless of the form in which it exists or is transmitted (paper, electronic, etc.).  Any penalties for the misuse of such information also shall apply to any entity violating privacy laws or regulations.
  • Consent for the use or release of medical information should meet specific standards.  Standards should be established to ensure such consent is understandable and clearly communicated.
  • Research activities should be protected but not at the expense of individual privacy.  Information should be required to be deidentified to support legitimate clinical research without unnecessary risk to the patient’s privacy.
  • Penalties should be severe and readily enforceable.  Given the potential financial gains from selling medical information, penalties must be severe to deter these lucrative activities.  There should be clear enforcement directives and the ability of an individual to seek redress in the courts should enforcement measures prove inadequate.
  • Patients should have the right to inspect and obtain copies of their medical records except for that information which, in the opinion of the health care professional, would cause harm to the patient or to others.  For example, if a patient’s wife discloses to a provider a substance abuse situation involving her husband. 


Many of TMA’s remaining concerns are minor, but a significant one in the committee substitute is the need to tighten the parameters by which a self-audit can be required and paid for by a provider.  These audits should not be required unless there is evidence of wrongdoing.  Recent reports indicate that private practice physicians are spending approximately $62,000 on implementation of electronic health records, which they can only hope meet the certification standards that continue to evolve.  Random audits without any evidence of wrongdoing or a pattern of abuse could curb a physician’s willingness to be in an electronic system. 

We also believe that giving this authority to the Health and Human Services Commission would be unprecedented. Currently, the commission does not regulate physicians.  The only entity in the state of Texas that regulates physician practices is and should continue to be the Texas Medical Board.  

In regard to the penalties section, it was our understanding that only when the evidence of violations of this chapter are “egregious” and constitute a pattern or practice, may the agency revoke the license or refer to the Attorney General’s office for civil penalties.  Instead, this substitute uses the word “serious” in lieu of “egregious.”  We are not sure what the legal definition of “serious” would mean.  It clearly connotes a standard less than “egregious,” and we believe it is ambiguous and vague.  

Finally, the Fifth Amendment provides protections against self-incrimination.  We would like to make the committee mindful that criminal penalties are available for provisions in this bill, and thus a possible mandatory self-audit puts an individual physician into the conundrum of choosing possible self-incrimination or disobeying the law.  Do we really intend to put physicians into that type of situation?  

In closing, TMA agrees in general with the goals of the Committee Substitute for House Bill 300, as it contains many of our core principles for elevating and protecting patient privacy.  We thank Chair Kolkhorst for her commitment to work with us on this legislation with TMA and other organizations to create a product that is understandable and gives all parties in health care clear paths to safely protect the patients we serve.

82nd Texas Legislature Testimonies

Last Updated On

May 20, 2016