Policy Guidance

Texas HIE Options Guidance

An overview of options available to Texas health care providers for HIE in 2012; includes a description of the State Local HIE Program and the Texas White Space initiative. (December 30, 2011, Texas Health Services Authority)

Texas HIE Options (December 30, 2011, Texas Health Services Authority)

Texas HIE Interoperability Guidance

The Texas HIE Strategic and Operational Plan provides that the THSA will develop technology standards, including reference guides and policies, to support vendor neutrality and ensure statewide and federal program interoperability. The THSA, with input from stakeholders, has developed the documents located here to serve as HIE interoperability guidance for organizations supporting HIE in Texas.

Texas HIE Privacy & Security Guidance

State law and the Texas HIE Strategic and Operational Plan provide that the THSA will develop privacy and security policies and procedures and promote practices that enable the secure electronic exchange of health information in a manner that protects patient privacy. The THSA, with input from stakeholders, developed the following policies and procedures, which have been updated in response to the HIPAA/HITECH final omnibus rule, as well as Texas Senate Bills 1609 and 1610, to serve as HIE privacy and security guidance for organizations supporting HIE in Texas.

THSA Model Privacy Policies and Procedures
THSA Model Security Policies and Procedures 

Standards Relating to the Electronic Exchange of Health Information

House Bill 300 (82nd Texas Legislature, 2011) requires that the THSA develop and submit privacy and security standards for the electronic sharing of protected health information to the Texas Health and Human Services Commission. Those standards are designed to comply with HIPAA, the Texas Medical Records Privacy Act, and any other state and federal law relating to the security and confidentiality of information electronically maintained or disclosed by a covered entity. The standards further ensure the secure maintenance and disclosure of personally identifiable health information, include strategies and procedures for disclosing personally identifiable health information, and support a level of system interoperability with existing health record databases in Texas that is consistent with emerging standards.

HB 300 further requires that once these standards have been ratified through the rule-making process, the THSA must publish the standards on its website. The final publication of those standards, which have been re-posted on this website with the permission of the Director of the Texas Register, can be found HERE. A link to where those standards have been adopted as part of the Texas Administrative Code can be found HERE.

The THSA has now partnered with the Health Information Trust Alliance (HITRUST) to implement a certification program wherein a Texas covered entity may apply for certification of its past compliance with these standards. Covered entities will be able to apply for certification later this fall.

State-Level Trust Agreement

The Texas State-Level Trust Agreement was developed by the THSA through a collaborative stakeholder process to serve as a contractual agreement between the THSA, the state's grant-funded local HIEs, applicable state agencies, and others who want to participate in the state-level shared services and the trust environment established under the agreement to electronically exchange protected health information with one another and, eventually, through the eHealth Exchange.

While specifications and operating procedures related to the document remain to be defined and additional changes may be necessary to enable the THSA to join the eHealth Exchange, the agreement contains applicable agreements between participating parties relating to their responsibilities and obligations to one another. The Agreement was recently updated to include the final version of the HIETexas Operating Policies and Procedures in Attachment No. 2.

Texas State Level Trust Agreement

Model Business Associate Agreement (BAA)

The Texas Model BAA is provided as an aid for use between Texas physicians and hospitals ("Covered Entities") and the state's grant-funded health information exchanges, or HIEs ("Business Associates"), to satisfy federal HIPAA requirements related to electronic exchange of protected health information. The Model BAA was developed through a collaborative stakeholder process based on a BAA currently in use by one of the state's grant-funded HIEs that was negotiated between that HIE and its Covered Entity participants. The BAA was recently updated to ensure compliance with the HIPAA/HITECH Omnibus Final Rule.

Notice: This BAA is intended only to aid covered entities and their local HIE business associates; its use is not required and it is not intended to serve as a substitute for legal advice. HIEs that opt to use this document should consult an attorney to ensure that they use this document in a way that makes it an enforceable BAA that meets applicable state, HIPAA, and HITECH requirements.

Texas Model Business Associate Agreement (May 2013)

Privacy and Security "White Papers"

The following White Papers on issues relating to privacy and security have been developed by the University of Houston Health Law & Policy Institute under contract with the Texas Health and Human Services Commission (HHSC). Together these papers form the basis for current and future state-level privacy and security guidance developed by the THSA in coordination with the HHSC and in response to direction provided by the Texas Legislature.

Implementing Privacy and Security Standards in Electronic Health Information Exchange (UPDATED)
April 2012, University of Houston Health Law & Policy Institute

Recommendations for Texas Health Information Trust Agreements
August 24, 2011, University of Houston Health Law & Policy Institute

Consent Options for HIE in Texas
June 27, 2011, University of Houston Health Law & Policy Institute

Primer - Medical Information Privacy Protections in Texas
March 15, 2011, University of Houston Health Law & Policy Institute

Sensitive Health Information White Papers and Reference Materials

The following White Papers and other reference materials on issues relating to the proper use and disclosure of sensitive health information have also been developed by the University of Houston Health Law & Policy Institute under contract with HHSC. Together these papers and reference materials will act as guidance for HIEs in the proper handling of sensitive health information.

Strategies for the Electronic Exchange of Minors Health Information
March 2013, University of Houston Health Law & Policy Institute

Strategies for the Electronic Exchange of Mental Health Information
March 2013, University of Houston Health Law & Policy Institute

Strategies for the Electronic Exchange of Substance Abuse Treatment Records
March 2013, University of Houston Health Law & Policy Institute

Strategies for Electronic Exchange of Sensitive Health Information: HIV, AIDS and STDs
March 2013, University of Houston Health Law & Policy Institute

Consent and Authorization Matrix – Nonemergency Treatment
March 2013, University of Houston Health Law & Policy Institute

Consent and Authorization Matrix – Emergency Treatment
March 2013, University of Houston Health Law & Policy Institute

Consent and Authorization Matrix – Payment
March 2013, University of Houston Health Law & Policy Institute

Consent and Authorization Matrix – Health Care Operations
March 2013, University of Houston Health Law & Policy Institute

HIETexas Privacy and Security Legal Framework Reference Document

THSA staff developed the HIETexas Legal Framework document to serve as a reference on the key elements of the legal framework being supported to ensure the private and secure exchange of health information in Texas.