Texas Health Record Localization Law Prompts Data-Storage Review: SheppardMullin
Texas health care practitioners should review where they keep medical data before Sept. 1 to comply with a new state law, SheppardMullin attorneys Julia Kadish and Michael Sutton said in a blog post Friday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Health care practitioners must store electronic health records (EHRs) within the U.S. under the Texas law, which was signed by Gov. Greg Abbott on June 20 and comes into effect in one month. Florida is the only other state with a similar law, said Kadish and Sutton.
The new law covers “providers licensed, certified, or otherwise authorized to provide health care services in Texas,” and the localization requirements also extend to vendor and cloud storage relationships, the lawyers said.
Before it takes effect, covered entities in Texas “should assess storage of electronic health records to ensure records are maintained in the United States,” the lawyers said. “Providers will also want to confirm that the necessary safeguards are in place to protect EHRs. Lastly, credit scores or voter registration records should not be collected or stored in electronic health records.”
Kadish and Sutton added that “health care practitioners should assess vendor relationships to confirm compliance with the Act,” plus they “may also want to update template agreements to account for these offshoring considerations.”