HB 300: What you need to know NOW
The deadline for implementing HB 300 policy changes is looming! As always, we are here for your protection, so we give you the two most important words to survive the coming storm: Revise and Encrypt.
HB 300 isn't technically a new HIPAA law. It is an update to the Texas Medical Privacy Act and is a sign of the times. The Health and Human Services Department tasked the states with updating and enforcing patient privacy rules. Somehow, everyone is calling it the Texas HIPAA Law. Basically, that is correct. HB 300 does not do away with HIPAA. It only increases the security measures and penalties behind it.
There are a few things you must do before Oct 31, 2012. You must revise your employee training, policies on patients’ access to electronic health information, your privacy practices, and your business associate agreements. You must train all new employees within their first two months of employment. Train them according to their access to and handling of protected health information. The patients’ access to their electronic health information is fairly straightforward: you must now provide patient records within 15 days, not 30.
Your business associates’ access to any protected health information makes you the one accountable for any breaches, leaks or compromises. Revise your business associates’ agreements to include immediate notification when a breach occurs, the assignment of a person in charge of notifying the affected patient, and evidence that the business associate conducts a yearly security analysis and provides annual training for employees.
Since your information zips through cyberspace, you must put a tighter leash around your protected information. Encryption is absolutely necessary when dealing with patients’ private information, and this includes portable devices as well. For an additional layer of protection, cyber liability insurance is available.
New policies usually feel like an unnecessary pain, but they are in place to help you and your patients. If that is not reason enough to set the cranks in motion, be aware that you can be fined $5000 for the negligent leakage of protected information and $1.5 million if there is a provable pattern of leakage for monetary gain. So if just to protect your pocketbook, please remember: Revise and Encrypt.
This is a simple overview of HB 300 changes to Texas law. For more in-depth training and a review of pertinent HIPAA rules, check out our upcoming webinars and classes, where we will train your staff and walk you through the changes that must be made to comply with Texas's increased HIPAA enforcement. You will leave the class with the curriculum and tools needed to train your staff and manage the new changes.