Texas Privacy Law (HB300) & HIPAA Compliance Course Overview
Covered entities and business associates doing business in Texas have specific requirements they must follow for the protection and disclosure of patient health information. Texas HB300 imposes additional privacy obligations beyond federal HIPAA requirements, creating a more stringent privacy framework that Texas healthcare organizations must navigate carefully. Failure to understand and comply with both federal HIPAA regulations and Texas-specific privacy laws can result in significant penalties, patient complaints, and reputational damage to healthcare organizations operating in the state.
This comprehensive course provides an overview of the privacy and security components of the Health Insurance Portability and Accountability Act (HIPAA), the additional requirements mandated by the HITECH Act and the Omnibus Final Rule, and the specific privacy requirements mandated by Texas HB300. Updated with the Omnibus Final Rule, this course provides the foundation for understanding HIPAA privacy and security regulations and the new requirements specific to Texas healthcare providers. It is designed for healthcare providers and other covered entities who need to provide HIPAA training to their staff, including physician groups, medical practices, hospitals, ASCs, and clearinghouses operating in Texas.
Texas Privacy Law (HB300) & HIPAA Compliance Course Content
Lesson 1: Introduction and Objectives
Course overview and learning objectives, importance of privacy compliance in Texas, dual compliance framework (federal HIPAA and Texas HB300), consequences of non-compliance, how the course meets Texas training requirements
Lesson 2: HIPAA Basics
Health Insurance Portability and Accountability Act overview, Privacy Rule fundamentals, Security Rule fundamentals, HITECH Act enhancements, Omnibus Final Rule changes, covered entities and business associates definitions, protected health information (PHI) definition, Texas HB300 introduction
Lesson 3: Using and Disclosing PHI
Permitted uses and disclosures of PHI, treatment, payment, and healthcare operations (TPO), minimum necessary standard, patient authorizations, permitted disclosures without authorization, Texas HB300 specific disclosure restrictions, marketing and fundraising limitations, sale of PHI prohibitions
Lesson 4: Individuals’ Rights of Access to PHI
Patient right to access medical records, right to request amendments, right to an accounting of disclosures, right to request restrictions on uses and disclosures, right to confidential communications, right to a paper copy of the privacy notice, Texas HB300 enhanced patient rights, timelines for responding to requests
Lesson 5: Securing PHI
Administrative safeguards, physical safeguards, technical safeguards, encryption and access controls, workstation and device security, mobile device management, remote access security, Texas-specific security considerations, security risk assessments
Lesson 6: Breach Notification Rules
Definition of breach under HIPAA and HITECH, four-factor risk assessment, notification to affected individuals, notification to HHS, notification to media (breaches affecting 500+ individuals), business associate breach reporting obligations, Texas HB300 breach notification requirements, timelines and methods for notification
Lesson 7: Enforcement
HIPAA enforcement by HHS Office for Civil Rights (OCR), civil monetary penalties (tier structure), criminal penalties, state attorney general enforcement, Texas Medical Board enforcement of HB300, examples of enforcement actions, compliance program importance, audits and investigations


