Sec. 38.406. DATA PRIVACY AND SECURITY. (a) Any information that may identify a patient, health care provider, health benefit plan, health benefit plan issuer, or other payor is confidential and subject to applicable state and federal law relating to records privacy and protected health information, including Chapter 181, Health and Safety Code, and is not subject to disclosure under Chapter 552, Government Code.
(b) A qualified research entity with access to data or information that is contained in the database but not accessible through the portal described in Section 38.405:
(1) may use information contained in the database only for purposes consistent with the purposes of this subchapter and must use the information in accordance with standards, requirements, policies, and procedures established by the center in consultation with the stakeholder advisory group;
(2) may not sell or share any information contained in the database; and
(3) may not use the information contained in the database for a commercial purpose.
(c) A qualified research entity with access to information that is contained in the database but not accessible through the portal must execute an agreement with the center relating to the qualified research entity's compliance with the requirements of Subsections (a) and (b), including the confidentiality of information contained in the database but not accessible through the portal.
(d) Notwithstanding any provision of this subchapter, the department and the center may not disclose an individual's protected health information in violation of any state or federal law.
(e) The center shall include in the database only the minimum amount of protected health information identifiers necessary to link public and private data sources and the geographic and services data to undertake studies.
(f) The center shall maintain protected health information identifiers collected under this subchapter but excluded from the database under Subsection (e) in a separate database. The separate database may not be aggregated with any other information and must use a proxy or encrypted record identifier for analysis.
Added by Acts 2021, 87th Leg., R.S., Ch. 333 (H.B. 2090), Sec. 1, eff. September 1, 2021.
Structure Texas Statutes
Title 2 - Texas Department of Insurance
Subtitle A - Administration of the Texas Department of Insurance
Chapter 38 - Data Collection and Reports
Subchapter I. Texas All Payor Claims Database
Section 38.401. Purpose of Subchapter
Section 38.403. Stakeholder Advisory Group
Section 38.404. Establishment and Administration of Database
Section 38.405. Public Access Portal
Section 38.406. Data Privacy and Security
Section 38.407. Certain Entities Not Required to Submit Data