What is a Covered Entity under HB300?

HB300 significantly expands the definition of a Texas "covered entity." A "covered entity" is now defined as any person/entity who: 

For commercial, financial, or professional gain, monetary fees, or dues, or on a cooperative, nonprofit, or pro bono basis, engages, in whole or in part, and with real or constructive knowledge, in the practice of assembling, collecting, analyzing, using, evaluating, storing, or transmitting protected health
information; 

• comes into possession of protected health information;
• obtains or stores protected health information under this chapter; or
• is an employee, agent, or contractor of a person insofar as the employee, agent, or contractor creates, receives, obtains, maintains, uses, or transmits protected health information.

This revised definition is broad and includes not only health care providers but those entities and individuals who under the “HIPAA Privacy Rule,” a federal regulation that protects the privacy of individually identifiable health information, would be classified as business associates and health care payers. In addition, the Texas Act’s “covered entity” definition includes governmental units, information or computer management entities, schools, health researchers, health care facility, clinics, and persons who maintain an Internet site.

As a result, this revision impacts any entity that conducts business in Texas and collects, uses, and/or stores PHI. While HITECH only covers law firms representing covered entities, HB300 has expounded upon those regulations to cover any law firm handling medical records, health insurance records, or healthcare billing records.