In addition, HB300 authorizes civil penalties ranging from $5,000 to $1.5 million for data breaches, depending on the severity, the covered entity’s compliance program, whether the entity was certified, and its efforts to correct the violation. Besides these increased civil monetary penalties, a data breach may also be classified as a felony.

Audits:

The Attorney General is also authorized by HB300 to work in tandem with the OCR and the Texas Department of Insurance in conducting audits of a covered entity. This includes monitoring the results of that audit. While the focus certainly seems to be on covered entities within the health care industry, any person or business with access to PHI should already be taking appropriate measures to ensure compliance with Texas HB300.