Policy Guidance

Texas HIE Interoperability Guidance

The Texas HIE Strategic and Operational Plan provides that the THSA will develop technology standards, including reference guides and policies, to support vendor neutrality and ensure statewide and federal program interoperability. The THSA, with input from stakeholders, has developed this guidance to serve as HIE interoperability guidance for organizations supporting HIE in Texas. The THSA also participates in multiple state and federal interoperability initiatives, as described in the THSA Interoperability Policy Statement below.

Texas HIE Privacy & Security Guidance

State law and the Texas HIE Strategic and Operational Plan provide that the THSA will develop privacy and security policies and procedures and promote practices that enable the secure electronic exchange of health information in a manner that protects patient privacy. The THSA, with input from stakeholders, developed the following policies and procedures which have been updated in resonse to HIPAA/HITECH final omnibus rule, as well as Texas Senate Bills 1609 and 1610, to serve as HIE privacy and security guidance for organizations supporting HIE in Texas.

State-Level Trust Agreement

The Texas State-Level Trust Agreement was developed by the THSA through a collaborative stakeholder process to serve as a contractual agreement between the THSA, the state's grant-funded local HIEs, applicable state agencies, and others who want to participate in the state-level shared services and the trust environment established under the agreement to electronically exchange protected health information with one another and, eventually, through the eHealth Exchange.

While specifications and operating procedures related to the document remain to be defined and additional changes may be necessary to enable the THSA to join the eHealth Exchange, the agreement contains applicable agreements between participating parties relating to their responsibilities and obligations to one another. The Agreement was recently updated to include the final version of the HIETexas Operating Policies and Procedures in Attachment No. 2.

Model Business Associate Agreement (BAA)

The Texas Model BAA is provided as an aid for use between Texas physicians and hospitals ("Covered Entities") and the state's grant-funded health information exchanges, or HIEs ("Business Associates"), to satisfy federal HIPAA requirements related to electronic exchange of protected health information. The Model BAA was developed through a collaborative stakeholder process based on a BAA currently in use by one of the state's grant funded HIEs that was negotiated between that HIE and its Covered Entity participants. The BAA was recently updated to ensure compliance with the HIPAA/HITECH Omnibus Final Rule.

Notice: This BAA is intended only to aid covered entities and their local HIE business associates; its use is not required and it is not intended to serve as a substitute for legal advice. HIEs that opt to use this document should consult an attorney to ensure that they use this document in a way that makes it an enforceable BAA that meets applicable state, HIPAA, and HITECH requirements.

Privacy and Security "White Papers"

The following White Papers on issues relating to privacy and security have been developed by the University of Houston Health Law & Policy Institute under contract with the Texas Health and Human Services Commission (HHSC). Together these papers form the basis for current and future state-level privacy and security guidance developed by the THSA in coordination with the HHSC and in response to direction provided by the Texas Legislature.

Implementing Privacy and Security Standards in Electronic Health Information Exchange (UPDATED)
April 2012, University of Houston Health Law & Policy Institute

Recommendations for Texas Health Information Trust Agreements
August 24, 2011, University of Houston Health Law & Policy Institute

Consent Options for HIE in Texas
June 27, 2011, University of Houston Health Law & Policy Institute

Primer - Medical Information Privacy Protections in Texas
March 15, 2011, University of Houston Health Law & Policy Institute

Sensitive Health Information White Papers and Reference Materials

The following White Papers and other reference materials on issues relating to the proper use and disclosure of sensitive health information have also been developed by the University of Houston Health Law & Policy Institute under contract with HHSC. Together these papers and reference materials will act as guidance for HIEs in the proper handling of sensitive health information.

Strategies for the Electronic Exchange of Minors Health Information
March 2013, University of Houston Health Law & Policy Institute

Strategies for the Electronic Exchange of Mental Health Information
March 2013, University of Houston Health Law & Policy Institute

Strategies for the Electronic Exchange of Substance Abuse Treatment Records
March 2013, University of Houston Health Law & Policy Institute

Strategies for Electronic Exchange of Sensitive Health Information: HIV, AIDS and STDs
March 2013, University of Houston Health Law & Policy Institute

Consent and Authorization Matrix – Nonemergency Treatment
March 2013, University of Houston Health Law & Policy Institute

Consent and Authorization Matrix – Emergency Treatment
March 2013, University of Houston Health Law & Policy Institute

Consent and Authorization Matrix – Payment
March 2013, University of Houston Health Law & Policy Institute

Consent and Authorization Matrix – Health Care Operations
March 2013, University of Houston Health Law & Policy Institute

HIETexas Privacy and Security Legal Framework Reference Document

THSA staff developed the HIETexas Legal Framework document to serve as a reference on the key elements of the legal framework being supported to ensure the private and secure exchange of health information in Texas.