This guide provides books and other information resources on the topic of guarding your personal data.
Ask a Librarian
Contact an Attorney
There are state and federal laws that protect the confidentiality of your "individually identifiable health information".
According to 1320d(6) in Title 42 of the U.S. Code (Health Insurance Portability and Accountability Act):
While HIPAA refers to "individually identifiable health information", the HIPAA Privacy Rule refers to an individual's health information as "protected health information" (PHI). You can read the definition of "protected health information" in Part 160.103, Subpart A, Code of Federal Regulations, Title 45.
The Texas Medical Records Privacy Act requires “covered entities” to comply with HIPAA and adds additional protections. You can find these laws in the Texas Health and Safety Code, Chapter 181.
A “covered entity” includes any person who assembles, collects, or uses health information. For example, a school or healthcare facility would be a “covered entity”. You can read the full definition of a “covered entity” in Section 181.001(b)(2) of the Texas Health and Safety Code.
With some exceptions, a covered entity may not:
If a covered entity violates these laws, they may be subject to civil penalty or disciplinary action.
There are some exceptions to these laws. For example, employers, insurance companies, the American Red Cross, Workers’ Comp, and other entities are partially exempt from the Texas Medical Records Privacy Act. You can find a list of exempt entities in Texas Health and Safety Code, Chapter 181, Subchapter B. Some statutes within Texas Health and Safety Code, Chapter 181 provide more exceptions. Be sure to review the text of the law before taking any legal action.
This chapter of the Texas Administrative Code contains regulations from the Texas Medical Board on the release of medicals records.
The Texas Medical Records Privacy Act created this chapter of the Texas Health and Safety Code and outlines rules for medical records privacy in Texas.
This chapter of the Texas Insurance Code outlines the privacy of health information including penalties and enforcement.
If your private health information has been unlawfully shared, you can file a consumer complaint with the Texas Attorney General's Office. The Attorney General's Office is required to publish a report of medical privacy complaints they receive.
Texas Law Help provides this page with basic information about HIPAA and privacy rights in Texas Law in Texas.
This article from Texas Law Help gives an overview of federal and state health privacy protection.This page from the Texas Attorney General outline patients' right to privacy under both HIPAA and the Texas Medical Records Privacy Act.
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires the creation of national standards to protect a person's individually identifiable health information from being disclosed without their consent.
Your rights under HIPAA include:
In addition to your right to privacy, there are national standards for electronically storing and sending health care information to protect your privacy.
Your medical provider can share your medical records for certain reasons without asking your permission. For example, your doctor can share your information with another doctor who will treat you or the hospital where you are staying. Your information may also be shared for research or public health reasons.
These laws govern health privacy rights added by the Health Insurance Portability and Accountability Act of 1996.
The Privacy Rule is contained in Subpart A and E. HIPAA required these regulations to create a national standard for protecting a person's individually identifiable health information. Subpart A governs general provisions and definitions.
The Privacy Rule is contained in Subpart A and E. HIPAA required these regulations to create a national standard for protecting a person's individually identifiable health information. Subpart E governs procedures for hearings.
A person can file a HIPAA complaint on this page of the U.S. Department of Health and Human Services' website if they believe a entity has violated a someone's health information privacy rights that are protected under HIPAA.
This guide from the Privacy Rights Clearinghouse explains the rights that patients have under the HIPAA privacy rule.
This landing page on the U.S. Department of Health and Human Services website has information on the HIPAA complaint process and FAQs on HIPAA for both individuals and professionals. You can also find recent and past news on HIPAA.
The U.S. Department of Health and Human Services provides this summary of the HIPAA Privacy Rule.This video from the U.S. Department of Health & Human Services summarizes privacy rights under HIPAA.
These resources explain how to get your personal medical records. It also discusses situations when a person can access someone else's medical records.
This article from Nolo outlines the laws involved when a person makes a request for their medical records.
The Department of Health and Human Services (HHS) provides guidance on accessing the health information of a deceased individual on their website.
This resource from the Texas Jail Project provides information and forms for the release of inmates' medical information.
Below are some of the library resources that can provide further guidance on this topic. If you are not able to visit the State Law Library in Austin, this book might be available at a law library near you or a public library near you.
This title provides a concise introduction to the privacy issues found in Title II of the Health Insurance Portability and Accountability Act of 1996. Specific topics covered include authorizations, disclosures without authorizations, administrative requirements for covered entities, and penalties and enforcement.
This publication discusses the HIPAA Security Rule's role in the broader context of HIPAA and its other regulations, and provides useful guidance for implementing HIPAA security.