Federal Health Insurance Portability and Accountability Act (HIPAA) Violations and Your Medical License

The Texas Medical Board (TMB) licenses and regulates physicians and other medical professionals in Texas. This agency ensures that these professionals follow state and federal rules and laws that govern their profession, including HIPAA. Any violations can lead to disciplinary proceedings before the TMB. 

If you are a licensed physician in the state of Texas, sanctions resulting from such disciplinary proceedings can significantly damage your reputation and career. A medical license defense lawyer can help if you are facing disciplinary proceedings. Contact the offices of Bertolino LLP at (512) 980-3751 or visit us online today to schedule an appointment.

Understanding Federal and State Laws Protecting Personal Health Information (PHI)

The main federal law covering the privacy of personal health information (PHI) is the Federal Health Insurance Portability and Accountability Act (HIPAA). Texas also has a state law, the Texas Medical Records Privacy Act (TMRPA), that protects the PHI of patients. Additionally, the state laws and rules enforced by the Texas Medical Board (TMB), including the Texas Medical Practice Act, provide protections for patient information in general. 

HIPAA, TMRPA, and the laws and rules governing doctors and other medical professionals provide sanctions for those who violate them. As a result, doctors can face serious penalties for violating these laws, including a medical license suspension or revocation.   

Sanctions for Violating State Laws Governing PHI

Tex. Health and Safety Code §§181.201 and 181.202 authorize the Attorney General to seek injunctive relief and civil penalties for violations of TMRPA. Civil penalties can range from $5,000 to $250,000, depending on the circumstances. Furthermore, medical professionals violating TMRPA can face disciplinary action if the evidence shows that the violations are egregious and constitute a pattern or practice. 

In addition, Tex. Occ. Code § 159.002 outlines the professional responsibilities of physicians with respect to the confidentiality of patient information. 22 Tex. Admin. Code §180.1(2)(I) also classifies failing to maintain a patient’s confidentiality as unprofessional and dishonorable conduct that is likely to injure the public. According to 22 Tex. Admin. Code §180.5, a breach of confidentiality by a doctor can result in sanctions ranging from a remedial plan with mandated continuing medical education about confidentiality issues to a public reprimand and administrative penalties.

Sanctions for Violating HIPAA

Both the Texas Attorney General and the U.S. Department of Health and Human Services, Office of Civil Rights (OCR) can assess penalties against medical professionals for HIPAA violations. Typically, sanctions for HIPAA violations include civil fines and corrective action plans to avoid future violations. The amount of civil fines for HIPAA violations varies according to the severity of the violations, past history of violations, efforts to mitigate the violations, and other relevant factors.

The OCR uses a four-tier penalty structure for HIPAA violations, as follows:

  • Tier 1: A violation that the doctor was unaware of and could not have reasonably known about or avoided – Minimum fine of $100 to $50,000 per violation, with an annual maximum of $25,000
  • Tier 2: A violation that the doctor should have been aware of but could not have avoided, falling short of willful neglect – Minimum fine of $1,000 to $50,000 per violation, with an annual maximum of $100,000
  • Tier 3: Willful neglect of HIPAA, but the doctor attempts to correct the violation – Minimum fine of $10,000 to $50,000 per violation, with an annual maximum of $250,000
  • Tier 4: Willful neglect of HIPAA, and the doctor does not attempt to correct the violation – Minimum fine of $50,000 per violation, with an annual maximum of $1.5 million

These penalties are adjusted for inflation each year. Each violation carries the potential for a separate penalty, which means that a violation affecting several patients can result in multiple penalties. 


Common Examples of Federal and State Patient Confidentiality Violations

Doctors often commit HIPAA and TMRPA violations in the ordinary course of medical practice. As a result, doctors must be acutely aware of patient confidentiality and records rules and take care to avoid running afoul of them. Some of the common violations include:

  • Failing to secure patient information and records;
  • Talking about or communicating patient information to others or posting it on social media;
  • Using a personal email account or computer to access patient information;
  • Leaving patient information open and accessible on a computer screen or in documents that others can view;
  • Allowing employees to access unauthorized patient information; and
  • Permitting employees to share logins.

Avoiding HIPAA and TMRPA violations is crucial to preventing costly fines and disciplinary proceedings. The key to preventing even accidental violations is establishing and maintaining strict policies for all staff members about handling PHI. Requiring regular training about patient confidentiality and the procedures to safeguard PHI can also help mitigate the potential for violations. 


We are Here to Represent Your Interests Before TMB

We know how much is at stake if you face a disciplinary complaint against your medical license. Meet with us to discuss your case and learn how we can help. You’ll meet with one of our experienced medical license defense lawyers to discuss the details of the allegations filed against you. If you have received a medical licensing complaint, Bertolino LLP can help. Contact us today or call (512) 980-3751 to schedule a case evaluation.

Call or text (512) 476-5757 or complete a Case Evaluation form