Texas Administrative Code
Title 1 - ADMINISTRATION
Part 15 - TEXAS HEALTH AND HUMAN SERVICES COMMISSION
Chapter 390 - INFORMATION PRACTICES
Subchapter A - STANDARDS RELATING TO THE ELECTRONIC EXCHANGE OF HEALTH INFORMATION
Section 390.2 - Standards
Universal Citation: 1 TX Admin Code ยง 390.2
Current through Reg. 49, No. 38; September 20, 2024
(a) A covered entity that electronically exchanges, uses, or discloses PHI, at a minimum, must comply with the following standards for confidential information in any form, to the extent applicable:
(1) HIPAA Privacy, Security and Breach
Notification Regulations;
(2) the
Texas Medical Records Privacy Act, Chapter 181 of the Texas Health and Safety
Code;
(3) the Texas Identity Theft
Act, Chapter 521 of the Texas Business and Commerce Code; and
(4) any other applicable state or federal law
or regulation that requires that confidential information be safeguarded, used,
or disclosed only for authorized purposes by authorized users, including
without limitation:
(A) requirements
applicable to the following specific types of data:
(i) Cancer: Texas Health and Safety Code
§
RSA
82.008 and §
RSA
82.009; Title 25 Texas Administrative Code
(TAC) §91.9 (relating to Confidentiality and Disclosure);
(ii) HIV/AIDS: Texas Health and Safety Code
§
RSA
81.103, HIV/AIDS Test Results, and 40 TAC
§RSA
8.288(relating to Confidentiality of Test
Results);
(iii) Genetic: Genetic
Information Nondiscrimination Act of 2008 (GINA)
Pub. L. No.
110-233 and applicable regulations promulgated
under that act; Texas Insurance Code, Chapter 546, Subchapter C; Texas Labor
Code §
RSA
21.403 and §
RSA
21.404; Texas Occupations Code, Chapter
58;
(iv) Sexual assault: Texas
Health and Safety Code, Chapter, 44, Subchapter C;
(v) Communicable diseases: Texas Health and
Safety Code §
RSA
81.046; 25 TAC §
RSA
97.10(relating to Confidential Nature of Case
Reporting and Records);
(vi) Mental
health: Texas Health and Safety Code, Chapter 611, Mental Health
Records/Substance Abuse Records;
(vii) Substance abuse or substance use
disorder: 42 CFR Part 2, Confidentiality of Alcohol and Drug Abuse Patient
Records; Texas Health and Safety Code, Chapter 611, Mental Health
Records/Substance Abuse Records;
(viii) Immunizations: Texas Health and Safety
Code §
RSA
161.0073 and §
RSA
161.009; 25 TAC §
RSA
100.2(relating to Confidentiality);
(ix) Bureau of Vital Statistics: Texas
Government Code §
RSA
552.115; Texas Health and Safety Code
Chapters 192 and 193, §195.005; 25 TAC Chapter 181 (relating to Vital
Statistics);
(x) Reports of abuse
or neglect: Texas Human Resources Code, Chapter 48, Report of Abuse or Neglect
of Elderly or Disabled Persons; Texas Health and Safety Code §
RSA
161.132; Family Code Chapter 261, Reports of
Child Abuse;
(xi) Federal tax
information: Internal Revenue Code, Title 26,
RSA
6103; IRS Publication 1075;
(xii) Social Security Administration data:
RSA
1306, 20 CFR Part 401;
(xiii) Occupational diseases: Texas Health
and Safety Code §
RSA
84.006; 25 TAC §
RSA
99.1(relating to General
Provisions);
(xiv) Family planning:
25 TAC §RSA
56.11(relating to Confidentiality);
and
(xv) Recipients of government
benefits: requirements for use of disclosure of client information about or
concerning recipients of government benefits such as Medicaid, the Supplemental
Nutrition Assistance Program (SNAP), Temporary Assistance for Needy Families
(TANF), or the Children's Health Insurance Program (CHIP), by HHSC or its
designee(s), third party, or business associate:
RSA
272(SNAP);
RSA
205.50(TANF);
RSA 431.300 et
seq. (Medicaid);
RSA
457.1110(CHIP);
(B) requirements applicable to
data held by the following specific types of providers, facilities, and
services:
(i) Hospitals: Texas Health and
Safety Code, Chapter 241, Subchapter G, Hospital Disclosures of Health Care
Information; 25 TAC §
RSA
133.42(relating to Patient Rights);
(ii) Nursing facilities: Texas Health and
Safety Code, Chapter 242, §242.134 and §242.501(8), Nursing Home
Resident Rights; 40 TAC §RSA
19.407(relating to Privacy and
Confidentiality);
(iii)
Intermediate care facilities for persons with an intellectual disability or
related conditions (ICF/IID): Texas Health and Safety Code, Chapter 252,
§252.126 and §252.134;
(iv) Freestanding emergency medical care
facilities: Texas Health and Safety Code Chapter 254; 25 TAC §
RSA
131.53(relating to Medical
Records);
(v) Ambulatory surgical
centers: Texas Health and Safety Code, Chapter 243, 25 TAC §
RSA
135.5(relating to Patient Rights);
(vi) Emergency medical services: Texas Health
and Safety Code, Chapter 773, §§773.079 - 773.096; 25 TAC §
RSA
157.11(relating to Requirements for an EMS
Provider License);
(vii)
Physicians: Texas Occupations Code, Chapter 159, Physician-Patient
Communication;
(viii)
Chiropractors: Texas Occupations Code §§
RSA
201.402 -
RSA
201.405, Chiropractor-Patient
Confidentiality;
(ix) Dentists:
Texas Occupations Code §§
RSA
258.051 et seq., Dental-Patient
Confidentiality;
(x) Labs: Clinical
Laboratory Improvement Amendments (CLIA) (1988);
RSA
493.1291;
(xi) Pharmacists: Texas Occupations Code,
Chapter 562, §562.052, Confidential Records of Pharmacists;
(xii) Podiatrists: Texas Occupations Code,
Chapter 202, Subchapter I, §§202.401 et seq., Podiatrist Privilege
and Confidentiality;
(xiii)
Personal health record vendors: Health Breach Notification Rule for Vendors of
Personal Health Records, 16 CFR Part 318;
(xiv) End stage renal disease facilities:
Texas Health and Safety Code §
RSA
251.011; 25 TAC §
RSA
117.42(relating to Patient Rights);
(xv) Special care facilities (AIDS): 25 TAC
§RSA
125.33(relating to Resident
Rights);
(xvi) Private psychiatric
hospitals and crisis stabilization units: Texas Health and Safety Code §
RSA
577.013: 25 TAC Chapter 134 (relating to
Private Psychiatric Hospitals and Crisis Stabilization Units);
(xvii) Birthing centers: 25 TAC §
RSA
137.53(relating to Clinical
Records);
(xviii) Applicable health
professions regulated by 25 TAC Chapter 140 (relating to Health Professions
Regulation) confidentiality requirements under 25 TAC Chapter 140 or other
applicable law for, such as:
(I) licensed
chemical dependency counselors and treatment facilities, Texas Occupations Code
§
RSA
504.251; 25 TAC §
RSA
140.424(relating to Standards for Private
Practice); Texas Health and Safety Code, Chapter 464; 25 TAC Chapter 448
(relating to Standard of Care);
(II) medical radiologic technologists, 25 TAC
§RSA
140.514(relating to Disciplinary
Actions);
(III) dyslexia therapists
and dyslexia practitioners, 25 TAC §140.586(relating to Code of Ethics;
Duties and Responsibilities of License Holders); and
(IV) promotores or community health workers:
25 TAC §RSA
146.11(relating to Professional and Ethical
Standards); and
(C) requirements applicable to data about the
following specific types of individuals:
(i)
Minors: Texas Family Code §§
RSA
32.003,
RSA 32.004,
RSA
151.003,
RSA
153.073,
RSA
153.074, and
RSA
153.132; Texas Occupations Code §
RSA
159.005; Texas Civil Practice and Remedies
Code §
RSA
129.001;
(ii) Children with Special Health Care Needs
Services Program: 25 TAC §RSA
38.5(relating to Rights and Responsibilities
of a Client's Parents, Foster Parents, Guardian, or Managing Conservator, or an
Adult Client); and
(iii) Early and
Periodic Screening, Diagnosis, and Treatment: 25 TAC §
RSA
33.30(relating to Confidentiality of
Records).
(b) These standards do not apply to de-identified information.
Disclaimer: These regulations may not be the most recent version. Texas may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
