Current through Reg. 49, No. 38; September 20, 2024
(a) TDMHMR Central Office and each facility,
local authority, and community center shall comply with all applicable federal
and state statutes, rules and regulations pertaining to privacy of protected
health information (PHI) including, but not limited to, the federal and state
statutes, rules and regulations described in § 414.5 of this title
(relating to Regulations and Statutes Governing Confidentiality of Protected
Health Information).
(1) As set forth in 45
CFR Part 160 Subpart B, where a provision of 45 CFR Part 160 or 164 is contrary
to a provision of state law, the federal regulation preempts the state law
unless the provision of state law:
(A) is
more stringent (as defined) than the provision of the federal
regulation;
(B) provides for the
reporting of disease or injury, child abuse, birth, or death, or for the
conduct of public health surveillance, investigation, or intervention;
or
(C) requires a health plan to
report, or to provide access to, information for the purpose of management
audits, financial audits, program monitoring and evaluation, or the licensure
or certification of providers or persons.
(2) TDMHMR's "Interpretive Guidance on Laws
Pertaining to Privacy of Mental Health and Mental Retardation Records for the
TDMHMR Service Delivery System," referenced as Exhibit A in § 414.6 of
this title (relating to Exhibits), provides an interpretation of the applicable
federal and state statutes, rules and regulations described in § 414.5 of
this title, applying the preemption provisions described in paragraph (1) of
this subsection. TDMHMR Central Office and all facilities must comply with the
"Interpretive Guidance on Laws Pertaining to Privacy of Mental Health and
Mental Retardation Records for the TDMHMR Service Delivery System."
(b) Information to be included in
Notice of Privacy Practice.
(1) Each
facility, local authority, and community center shall include in its Notice of
Privacy Practice a statement that disclosures may be made between facilities,
local authorities, community centers, their respective contract providers, and
TDMHMR Central Office for the purpose of treatment, payment, or health care
operations without the individual's consent as permitted by Texas Health and
Safety Code, §
533.009.
(2) TDMHMR Central Office and each facility,
local authority, and community center shall include in its Notice of Privacy
Practice a statement:
(A) that identifies it
as a part of the TDMHMR service delivery system; and
(B) that individuals may file a complaint
with TDMHMR Consumer Services and Rights Protection/Ombudsman Office by calling
1-800-252-8154 or writing to P.O. Box 12668, Austin, TX 78711.
(c) Each facility,
local authority, and community center is responsible for ensuring that
contracts with its contract providers require compliance with subsection (a) of
this section.
