State and local health department employees and contractors must sign confidentiality agreements before accessing confidential HIV related public health records. Such agreements shall include information of penalties for breach of confidentiality and procedures for reporting breach.
Persons making reports shall not be hindered from making reports nor be subject to sanctions for making reports. Supervisors and administrators may promulgate internal procedures to ensure confidentiality of reports.
A clinic, health facility, home health agency, or hospice licensed under the Health and Safety Code shall prevent unlawful or unauthorized access to, and use or disclosure of, patients' medical information.
Sales of disability insurance, Medicare supplement insurance and long-term care insurance sold to persons aged 65 years or older, shall be registered by the insurer with the commissioner. The commissioner shall provide facilities for the computerized recordkeeping of all registered policies and certificates. The commissioner shall adopt regulations to implement and administer registration pursuant to this section. Regulations shall include criteria for releasing the registered information to parties outside the department.
If a clinic has an automated drug delivery system, the clinic must develop policies and procedures to ensure safety, accuracy, accountability, patient confidentiality, and the maintenance of the drugs. Drugs may only be removed from the automated drug delivery system if authorized by the pharmacist after reviewing the patient's profile.
Upon notice from the department that an enrollee has applied for an independent medical review, the plan or its contracting providers shall provide the requisite medical records (specified in (1) to (3)) to the independent medical review organization within 3 days. The confidentiality of any enrollee information shall be maintained in accordance with applicable laws.
The department shall implement an Internet-based electronic death registration system for the creation, storage, and transfer of death registration information. The electronic death registration system shall protect the proper use of the death registration information created, stored, and transferred within the system; and shall be subject to any limitation placed on the accessibility and release of personally identifying information contained in those death records by any other provision of law or subsequently enacted legislation.