Current through Reg. 50, No. 13; March 28, 2025
An authorization required by this subchapter shall:
(1) be in writing or electronic form (if the consumer has agreed to conduct business with the covered entity electronically), and shall:
(A) state the identity of the consumer who is the subject of the nonpublic personal health information;
(B) describe:
(i) the types of nonpublic personal health information to be disclosed;
(ii) the parties to whom the covered entity discloses nonpublic personal health information;
(iii) the purpose of the disclosure;
(iv) how the information disclosed will be used; and
(v) the procedure for revoking the authorization.
(C) include the signature which (if the consumer has agreed to conduct business with the covered entity electronically) may be in electronic form, and date signed, of:
(i) the consumer who is the subject of the nonpublic personal health information; or
(ii) a person who is legally empowered to authorize disclosure of the subject consumer's nonpublic personal health information.
(D) provide notice:
(i) of the length of time for which the authorization is valid; and
(ii) that the consumer may revoke the authorization at any time.
(2) An authorization subject to this subchapter shall specify the period of time for which the authorization shall remain valid, but shall in no event be valid:
(A) in the case of an authorization signed by the consumer that is the subject of the nonpublic personal health information, for a period of more than 24 months from the date it was signed; and
(B) in the case of an authorization signed by another person who is legally empowered to authorize disclosure on behalf of the consumer, for a period that ends at the later of:
(i) the date the covered entity receives notice that the person has lost the legal capacity to authorize disclosure, or
(ii) 24 months from the date it was signed.
(3) A covered entity obtaining an authorization pursuant to this subchapter shall retain the original authorization or a copy thereof in its records of the consumer who is the subject of nonpublic personal health information.
(4) A covered entity may obtain a subsequent authorization to replace an authorization that has by its terms expired, provided that the subsequent authorization:
(A) complies with the requirements of paragraph (1)(C) of this section, and
(B) meets all other applicable requirements of this section.