[ Wednesday, June 05, 2013 ]
Texas House Bill 300 News
Jeff [1:14 PM]
: The Texas legislature only meets for 5 months every other year (because nobody's life, liberty or property is safe while the "Lege" is in session). In the last legislative session in 2011, the Lege passed HB 300, which revised several aspects of Texas medical record privacy law. One of the big changes was a solidification of the employee training requirement in Health & Safety Code Section 181.101. HIPAA generally requires training of employees, but it lacks specifics on what or when. HB 300 requires Texas companies who deal with any sensitive personal information (including PHI) to train their employees at least every 2 years, and within 60 days of hire. The training must be specific to the employee's duties, and must address any relevant federal and state privacy laws and rules. Additionally, employees must sign (manually or electronically) a verification of receipt of the training.
The 2013 Lege has passed an amendment to the HB300 that awaits Governor Perry's signature. Relevant changes:
- The 60 days post-hire deadline is increased to 90 days
- Reference to employee's duties and applicable federal/state law replaced with a general instruction that the training be "necessary and appropriate" for the employee's duties
- New training must be given within 1 year of the effective date of any material change in privacy law that impacts the employee's duties
- Employee signature sheets only need be retained for 6 years.
One thing that wasn't addressed that could've been is a better defined is what constitutes an electronic signature of an employee acknowledging training. Can an employee click a box on a computer program? Does a computer program that times the attendance and requires responses or test answers from the employee count as an electronic signature? That's still not clear, so for HB 300 compliance, I would still recommend using a physical sign-in sheet or electronic signature pad.
Blogger: HIPAA Blog - Edit your Template