The Texas Health Services Authority, a public-private partnership to advance health information exchange in the state, is readying a voluntary HIPAA Covered Entity Privacy and Security Certification Program authorized in a 2011 state law.

The goal is to enhance compliance with HIPAA and reduce state and/or federal fines for breaches by demonstrating good faith efforts to secure protected health information. The HHS Office for Civil Rights enforces HIPAA at the federal level and has on occasion issued heavy fines against organizations for failure to secure PHI, as well as requiring implementation of corrective action plans. The Texas Medical Records Privacy Act also authorizes fines ranging from $5,000 per violation to a maximum of $1.5 million.

HITRUST, a health industry consortium best known for developing the Common Security Framework of best practices, has received a contract from the Texas Health Services Authority to create and conduct the certification program.

The program will assess compliance against controls specified in the Common Security Framework, along with controls relevant to complying with Texas law. Providers are expected to enable smaller entities to conduct a remote assessment. More information is available at, and
