DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.
Note: Compliancy Group cannot advise prospects or clients as to whether HB 300 applies to them. This issue is a question of law, and clients and prospects should consult a qualified attorney before proceeding.
De-identified PHI is PHI from which specific identifiers have been removed. Once de-identification is complete, the remaining information can no longer identify an individual, or provide a reasonable basis for identifying the individual.
De-identified PHI can become re-identified when someone's identity is determined from data that has been de-identified. This can happen when a de-identified data set is linked with another data set that has identifying information.
Under the Texas Medical Records Privacy Act, a person may not reidentify or attempt to reidentify an individual who is the subject of any protected health information, without obtaining the individual's consent or authorization, if state or federal law requires that consent or authorization.
Example: A federal law requires that before a person reidentifies the PHI, the person must receive authorization from the individual who is the subject of the PHI. In this instance, the Texas Medical Records Privacy Act requires that this authorization be obtained before the person reidentifies or attempts to reidentify the individual.
Note that the reidentification prohibition was in the original TMRPA, passed in 2001. When the TMRPA was amended by HB 300 in 2011, the reidentification prohibition was retained.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article