Texas Medical Privacy Compliance

Evaluate compliance with Texas Health & Safety Code Chapter 181 (Medical Records Privacy), covering protected health information, patient consent, disclosure requirements, and breach notification.

Healthcare | Biotech | 20 minutes | 20 questions

1. Authorization & Consent

Do you obtain written authorization before disclosing protected health information (PHI)?*

§181.154: Written authorization required unless exception applies

Do authorizations include all required elements (patient info, recipient, purpose, expiration)?*

§181.154(b): Specific content requirements for valid authorization

Are separate authorizations obtained for disclosing mental health and HIV/AIDS information?*

§181.154(c): Heightened protections for sensitive health information

Can patients revoke authorizations at any time?*

§181.154(e): Patients may revoke authorization except where acted upon

2. Disclosure Requirements

Do you limit disclosures to the minimum necessary information?*

§181.154(a): Disclose only information specifically authorized

Are disclosures for treatment, payment, and operations permitted without authorization?*

§181.154(d): TPO exceptions align with HIPAA

Do you maintain records of all PHI disclosures?*

§181.154(f): Document disclosures for accounting purposes

Are genetic information disclosures subject to additional restrictions?*

§181.151: Genetic information has heightened protections

3. Patient Access Rights

Do you provide patients with access to their medical records upon request?*

§181.153: Right to examine and copy health care information

Do you respond to access requests within 15 business days?*

§181.153(c): Provide access as soon as reasonably possible, typically 15 days

Do you charge reasonable, cost-based fees for copying records?*

§181.153(e): Fees limited to actual cost of copying, not exceeding statutory maximum

Can patients request amendments to inaccurate health information?*

§181.153(f): Right to amend or correct erroneous information

4. Security & Safeguards

Are administrative, technical, and physical safeguards implemented to protect PHI?*

§181.201: Safeguard confidentiality, integrity, and availability of PHI

Is electronic PHI encrypted during transmission and storage?*

§181.201(c): Encryption mitigates breach notification requirements

Do you conduct regular risk assessments of PHI security?*

§181.201: Identify vulnerabilities and implement appropriate safeguards

5. Breach Notification

Do you notify affected individuals within 60 days of discovering a breach?*

§181.201(b): Notification required unless encrypted or risk assessment shows no harm

Do breach notifications include required content (incident description, mitigation, contact info)?*

§181.201(b)(3): Notice must explain breach and steps to protect individuals

If breach affects encrypted data, is notification still provided when appropriate?*

§181.201(c): Encryption safe harbor unless decryption key also breached

6. Business Associate Agreements

Are business associate agreements (BAAs) executed with all service providers accessing PHI?*

§181.103: Business associates must comply with Chapter 181 requirements

Do BAAs require business associates to implement appropriate safeguards?*

§181.103: BAs bound to same obligations as covered entities
