The Protecting Patient Privacy in Texas (HB 300) Training helps healthcare providers understand their responsibilities under Texas law. Providers learn what defines a covered entity, as well as patients’ rights to access, amend, and restrict their health information. Additionally, they explore the required safeguards to protect PHI. By mastering these regulations, providers can ensure compliance, strengthen patient trust, and avoid legal and financial penalties.
What You Will Learn:
- What constitutes a covered entity under HB 300
- Patients’ right to access, amend, and restrict the use of their health information under Texas law
- Administrative, physical, and technical safeguards required to secure PHI
Details:
Course length: 30 minutes; CME: 0.5
Languages: American English
Key features: Audio narration, learning activity, and post-assessment.
American Medical Compliance is accredited by the Accreditation Council for Continuing Medical Education (ACCME) to provide continuing medical education to physicians. Our Continuing Medical Education (CME) program is committed to enhancing the knowledge, skills, and professional performance of healthcare providers to improve patient care outcomes. Through high-quality educational activities, we aim to address the identified educational gaps and to support the continuous professional development of our medical community. American Medical Compliance designates this activity for a maximum of 0.5 AMA PRA Category 1 Credits. Physicians should only claim this credit for their complete participation in this activity.
Get Certified
American Medical Compliance (AMC) is a leader in the industry for compliance, Billing, and HR solutions. To become certified, please visit us at: American Medical Compliance (AMC).
Reach out for other courses by visiting the AMC Course Library.
Overview of Texas HB 300 and its Importance
The Attorney General of Texas has adopted a standard Authorization to Disclose Protected Health Information in accordance with Texas Health & Safety Code § 181.154(d).
This form is intended for use in complying with the requirements of the Health Insurance Portability and Accountability Act and Privacy Standards (HIPAA) and the Texas Medical Privacy Act (Texas Health & Safety Code, Chapter 181).
Covered Entities may use this form or any other form that complies with HIPAA, the Texas Medical Privacy Act, and other applicable laws. Covered entities is that term is defined by HIPAA and Texas Health & Safety Code § 181.001. They must obtain a signed authorization from the individual or the individual’s legally authorized representative. This must occur in order to electronically disclose that individual’s protected health information.
This course teaches healthcare providers to follow Texas and HIPAA laws when disclosing PHI. They learn to use the Texas standard Authorization to Disclose PHI form or a compliant alternative. Providers also understand when to obtain patient or legal representative authorization for electronic disclosures. Following these regulations protects privacy, ensures compliance, and reduces penalties.
Defining Covered Entities under Texas HB 300
HIPAA Covered Component: Departments and or functions within Departments identified as a having access to Protected Health Information in accordance with HIPAA Section 164.504(b).
HIPAA Covered Workforce: Any employees whose job function is reasonably expected to encounter Protected Health Information (PHI) in fulfillment of job duties.
A Designated Records Set is a group of records that includes PHI and is maintained, collected, used or disseminated by or for the Covered Entity that serves to provide:
- The medical or billing information for an individual
- The enrollment, payment, claims adjudication, and/or case management activities which is maintained by or for a Health Plan
- Medical information used to make decisions about an individual
This course teaches healthcare providers about HIPAA regulations, the handling of protected health information (PHI), and their responsibilities in maintaining patient privacy. Providers learn which departments and employees qualify as HIPAA-covered entities and workforce members, as well as how designated record sets store medical, billing, and health plan information. They also understand how PHI is used in decision-making and compliance requirements. By mastering these concepts, providers ensure proper data management, protect patient privacy, and maintain regulatory compliance.
Penalties and Enforcement of Texas HB 300
In addition to penalties assessed under Subsection (a):
A person who fails to take reasonable action to comply with Section 521.053(b) is liable to this state for a civil penalty of not more than $100 for each individual to whom notification is due under that subsection for each consecutive day that the person fails to take reasonable action to comply with that subsection.
Civil penalties under this section may not exceed $250,000 for all individuals to whom notification is due after a single breach. The attorney general may bring an action to recover the civil penalties imposed under this subsection.
In sum, this course teaches healthcare providers the legal risks of noncompliance with Texas data breach laws. They learn about fines up to $250,000 per breach and the attorney general’s enforcement power. Providers also understand legal costs, including attorney’s fees and court expenses. Mastering these rules helps protect patient data, avoid penalties, and ensure compliance.
