Medical Privacy and Security Compliance — an Ongoing Process

October 25, 2013

September is here, and everyone is buzzing about the looming deadline for compliance with the HIPAA Omnibus rule — September 23, 2013.

Compliance with HIPAA is an ongoing process. Whenever laws and rules change, you must review your existing policies and processes to determine if they are still in compliance. And when you make changes to your processes — new software, new mobile devices, etc. — you should also review existing policies to determine if they are valid or need to be changed.

The 2013 legislative session brought a few minor changes to the Texas Medical Records Privacy Act that you should incorporate into your policies and procedures.

SENATE BILL 1609 (2013)

There are three changes to the Texas Medical Records Privacy Act, made by Senate Bill 1609, which will affect training requirements.

  • Covered entities (CEs) have up to 90 days (previously 60) to train new employees on federal and Texas privacy.
  • The requirement to re-train staff every two years has changed. CEs must now re-train staff within a reasonable period, but not later than the first anniversary of the effective date of a law change, if the change affects the duties of the employee.
  • CEs are now required to document that an employee has received training by obtaining a signed statement that the employee completed the training. The documentation must be maintained for six years.

SENATE BILL 1610 (2013)

If the individual whose sensitive personal information (SPI) was breached (or believed to be breached) resides in a state that requires a notice of a breach, the notice may be provided under that state’s law or under Texas law. A person may be given written notice at his or her last known address.

When you make changes to your processes, you need to evaluate (if not done before) or re-evaluate your systems for vulnerabilities and threats. TMLT can assist you with this process by conducting a risk analysis.

For more information, please contact Stephanie Downing at 800-580-8658, ext. 4884.
