Tex. Ins. Code Section 38.406
Data Privacy and Security

(a)

Information that may identify a patient is confidential and subject to applicable state and federal law relating to records privacy and protected health information, including Chapter 181 (Medical Records Privacy), Health and Safety Code, and is not subject to disclosure under Chapter 552 (Public Information), Government Code. Except as provided by Subsection (b), any information that may identify a health care provider, health benefit plan, health benefit plan issuer, or other payor is confidential and subject to applicable state and federal law relating to records privacy and protected health information, including Chapter 181 (Medical Records Privacy), Health and Safety Code, and is not subject to disclosure under Chapter 552 (Public Information), Government Code.

(b)

A qualified research entity with access to data or information that is contained in the database but not accessible through the portal described in Section 38.405 (Public Access Portal):

(1)

may use the data or information contained in the database only for purposes consistent with the purposes of this subchapter and must use the data or information in accordance with standards, requirements, policies, and procedures established by the center in consultation with the stakeholder advisory group;

(2)

may not sell or share any data or information contained in the database; and

(3)

may report or publish data or information that identifies one or more health care providers, health benefit plans, health benefit plan issuers, or other mandatory payors only if the report or publication is made available to the public at no cost.

(c)

A qualified research entity with access to information that is contained in the database but not accessible through the portal must execute an agreement with the center relating to the qualified research entity’s compliance with the requirements of Subsections (a) and (b), including the confidentiality of information contained in the database but not accessible through the portal.

(d)

Notwithstanding any provision of this subchapter, the department and the center may not disclose an individual’s protected health information in violation of any state or federal law.

(e)

The center shall include in the database only the minimum amount of protected health information identifiers necessary to link public and private data sources and the geographic and services data to undertake studies.

(f)

The center shall maintain protected health information identifiers collected under this subchapter but excluded from the database under Subsection (e) in a separate database. The separate database may not be aggregated with any other information and must use a proxy or encrypted record identifier for analysis.
Added by Acts 2021, 87th Leg., R.S., Ch. 333 (H.B. 2090), Sec. 1, eff. September 1, 2021.
Amended by:
Acts 2023, 88th Leg., R.S., Ch. 603 (H.B. 3414), Sec. 6, eff. June 11, 2023.

Source: Section 38.406 — Data Privacy and Security, https://statutes.­capitol.­texas.­gov/Docs/IN/htm/IN.­38.­htm#38.­406 (accessed May 11, 2024).

Green check means up to date. Up to date

Accessed:
May 11, 2024

§ 38.406’s source at texas​.gov