At a time when many in the health law arena are seemingly questioning the degree to which providers are seeking to protect the privacy of their patients, the state of Texas has taken steps to further safeguard privileged health information.
This month, the state’s Medical Records Privacy Act (MRPA) was officially amended, expanding the current protections for patient medical records—and, according to attorneys at McGuireWoods LLP, going beyond the provisions of The Health Insurance Portability and Accountability Act of 1996 (HIPAA).
A hallmark of the new regulations is the extensive mandatory training that is now required. As McGuire Woods attorneys noted, “New employees must be trained within 60 days of their hire date on both the MRPA and HIPAA as they relate to the covered entity’s particular course of business and the employee’s scope of employment. Furthermore, all employees of a covered entity must be retrained biannually on both the MRPA and HIPAA.”
The law also expands the list of people required to comply; along with medical professionals, schools, government officials, and “any person who maintains an Internet site” are now designated as “covered entities.” Further, “the amended MRPA also imposes new and unique requirements regarding a patient’s rights with respect to the patient’s protected health information,” including quicker access to electronic copies of medical records and the required posting of a notice of potential disclosure.
Despite their likely benefits for patients, ome experts have pointed out that the regulations may pose some challenges for providers. Along with the new requirements, the civil penalties that violators incur are much more severe than under the former law.
As physician Matt Murray noted in an article on the Texas Medical Liability Trust Web site, the new law “is more protective of patients, but increases cyber liability risks for physicians.” To that end, he advised that physicians “consider purchasing cyber liability insurance,” as well as perhaps seeking the advice of an attorney well-versed in MRPA compliance.