Texas to Providers: Get Privacy/Security Certified

The Texas Health Services Authority, a public-private partnership to advance health information exchange in the state, is readying a voluntary HIPAA Covered Entity Privacy and Security Certification Program authorized in a 2011 state law.

The goal is to enhance compliance with HIPAA and reduce state and/or federal fines for breaches by demonstrating good-faith efforts to secure protected health information (PHI). The HHS Office for Civil Rights enforces HIPAA at the federal level and has on occasion issued heavy fines against organizations for failure to secure PHI, as well as required implementation of corrective action plans. The Texas Medical Records Privacy Act also authorizes fines ranging from $5,000 per violation to a maximum of $1.5 million.

HITRUST, a health industry consortium best known for developing the Common Security Framework of best practices, has received a contract from the Texas Health Services Authority to create and conduct the certification program.

The program will assess compliance against controls specified in the Common Security Framework, along with controls relevant to complying with Texas law. Providers are expected to enable smaller entities to conduct a remote assessment. More information is available at HIETexas.org and hitrustalliance.net/texas.
