Protecting Patient Information Without Additional Burdens

TMA Written Testimony

House Committee on Business and Industry
House Bill 4390 by Rep. Capriglione | House Bill 4518 by Rep. Martinez Fischer

April 2, 2019

Chair Martinez Fisher and committee, the Texas Medical Association (TMA), representing nearly 53,000 physicians and medical students appreciates the opportunity to express concerns with House Bills 4390 and 4518. TMA has been a longtime advocate for protection of sensitive data and patient privacy, as one of the lone supporters of House Bill 300 in 2011. Patient privacy and confidentiality maintained through secure systems and transmission methods has long been a core principle for our organization.

We believe there was intention by the authors to exclude health care providers and health care related data. Unfortunately, the exemptions in each of these bills as filed may be insufficient to completely exclude health care providers, so physicians would nevertheless be subject to another complex layer of privacy regulations. TMA details these concerns regarding these well-intentioned attempts to strengthen consumers’ privacy below:

The exemptions in House Bills 4390 and 4518 relating to health care providers and data are sufficiently broad. HB 4390 and 4518 each include provisions that exempt to only a limited extent the information with which a physician may come into contact in the provision of health care services to a person. Both bills exempt “protected health information” under the Texas Medical Records Privacy Act (TMRPA) or under HIPAA’s privacy, security, and breach notification rules. The significant problem with this still narrow exemption is that “protected health information” would represent only a subset of the broadly defined “personal identifying information” regulated in HB 4390 and “personal information” that is regulated in HB 4518. 

HB 4518 does include an additional exemption, stating that health care providers under the TMRPA or covered entities under HIPAA regulations would additionally not be subject to this bill’s regulations, but that applies only “to the extent that the provider or entity maintains the personal information of a patient in the same manner as [PHI].” In other words, physicians would have to treat all “personal information” of a patient – an extraordinarily broadly defined set of information relating to a person – as if it were PHI under HIPAA regulations and the TMRPA in order to fall under the exemption. 

TMA is thus concerned that even if physicians already comply with currently applicable privacy regulations from HIPAA and state privacy law, this bill would require them to comply with yet another layer of regulation.

These bills add privacy protections that are duplicative with current state and federal law. Texas already has some of the most stringent privacy protection laws in the country. Between the federal Health Insurance Portability and Accountability Act (HIPAA); Health Information Technology for Economic and Clinical Health (HITECH) Act and associated regulations; the state Texas Medical Records Privacy Act; and the Texas Identity Theft Enforcement and Protection Act, there are multiple layers of protection of an individual’s health information. Despite an already robust framework for protection of health information, this bill would add an additional layer of complexity for compliance health data privacy regulations.

We thank you for the opportunity to share our comments and concerns on these important matters intended to guard the privacy of consumer records. We offer our assistance as you deliberate these topics.   

86th Texas Legislature Letters and Testimonies

TMA Legislative main page

Last Updated On

April 02, 2019

Related Content

HIPAA | Texas legislation