Current through Reg. 50, No. 13; March 28, 2025
(a) TDMHMR Central
Office and each facility, local authority, and community center shall comply
with all applicable federal and state statutes, rules and regulations
pertaining to privacy of protected health information (PHI) including, but not
limited to, the federal and state statutes, rules and regulations described in
§ 414.5 of this title (relating to Regulations and Statutes Governing
Confidentiality of Protected Health Information).
(1) As set forth in 45 CFR Part 160 Subpart
B, where a provision of 45 CFR Part 160 or 164 is contrary to a provision of
state law, the federal regulation preempts the state law unless the provision
of state law:
(A) is more stringent (as
defined) than the provision of the federal regulation;
(B) provides for the reporting of disease or
injury, child abuse, birth, or death, or for the conduct of public health
surveillance, investigation, or intervention; or
(C) requires a health plan to report, or to
provide access to, information for the purpose of management audits, financial
audits, program monitoring and evaluation, or the licensure or certification of
providers or persons.
(2) TDMHMR's "Interpretive Guidance on Laws
Pertaining to Privacy of Mental Health and Mental Retardation Records for the
TDMHMR Service Delivery System," referenced as Exhibit A in § 414.6 of
this title (relating to Exhibits), provides an interpretation of the applicable
federal and state statutes, rules and regulations described in § 414.5 of
this title, applying the preemption provisions described in paragraph (1) of
this subsection. TDMHMR Central Office and all facilities must comply with the
"Interpretive Guidance on Laws Pertaining to Privacy of Mental Health and
Mental Retardation Records for the TDMHMR Service Delivery System."
(b) Information to be included in
Notice of Privacy Practice.
(1) Each
facility, local authority, and community center shall include in its Notice of
Privacy Practice a statement that disclosures may be made between facilities,
local authorities, community centers, their respective contract providers, and
TDMHMR Central Office for the purpose of treatment, payment, or health care
operations without the individual's consent as permitted by Texas Health and
Safety Code, §
533.009.
(2) TDMHMR Central Office and each facility,
local authority, and community center shall include in its Notice of Privacy
Practice a statement:
(A) that identifies it
as a part of the TDMHMR service delivery system; and
(B) that individuals may file a complaint
with TDMHMR Consumer Services and Rights Protection/Ombudsman Office by calling
1-800-252-8154 or writing to P.O. Box 12668, Austin, TX 78711.
(c) Each facility,
local authority, and community center is responsible for ensuring that
contracts with its contract providers require compliance with subsection (a) of
this section.
