DISCLAIMER: The information provided in this article, other knowledge base articles, and the Compliancy Group website do not, and are not intended to, constitute legal advice. All information, content, and materials in the Knowledge Base and on the Compliancy Group website are for general informational purposes only.
A covered entity that violates the TMRPA may be subject to penalties, as follows:
1. The Texas Attorney General may file a lawsuit seeking injunctive relief against the covered entity. Injunctive relief is obtaining an order from a court that enjoins, or prohibits, someone from taking or not taking specific action.
2. In addition to injunctive relief, the Texas Attorney General may also file a lawsuit against a covered entity for a TMRPA violation, and seek civil penalties. Civil penalties that can be assessed are as follows:
(a) $5,000 for each violation that occurs in one year, regardless of how long the violation continues during that year, committed negligently;
(b) $25,000 for each violation that occurs in one year, regardless of how long the violation continues during that year, committed knowingly or intentionally; or
(3) $250,000 for each violation in which the covered entity knowingly or intentionally used protected health information for financial gain.
If the court that hears the lawsuit brought by the Texas Attorney General finds that the violations have occurred with sufficient frequency to constitute a pattern or practice, the court may assess a penalty of up to $1.5 million annually.
Are there Non-Monetary Penalties for a TMRPA Violation by a Covered Entity?
Yes. A covered entity that is licensed by an agency of Texas that commits a TMRPA violation is subject to investigation and disciplinary proceedings, including probation or suspension by the licensing agency. If there is evidence that the violations of this chapter are egregious and constitute a pattern or practice, the agency may:
(1) revoke the covered entity's license; or
(2) refer the covered entity's case to the attorney general for the institution of an action for civil penalties.
In addition, if a court finds that a covered entity has engaged in a pattern or practice of violating the TMRPA, the covered entity will be excluded from participating in any state-funded healthcare program.
Does a Court Look at Mitigating Factors When Issuing Penalties for HB 300 Violations?
Yes.
In an action or proceeding to impose an administrative penalty or assess a civil penalty for actions related to the disclosure of individually identifiable health information, a covered entity may introduce, as mitigating evidence, evidence of the entity's good faith efforts to comply with:
(1) state law related to the privacy of individually identifiable health information; or
(2) the Health Insurance Portability and Accountability Act and Privacy Standards.
In determining the amount of the monetary penalty to impose, the court must consider a number of factors, including:
(1) the seriousness of the violation, including the nature, circumstances, extent, and gravity of the disclosure;
(2) the covered entity's compliance history;
(3) whether the violation poses a significant risk of financial, reputational, or other harm to an individual whose protected health information is involved in the violation;
(4) the amount necessary to deter a future violation; and
(5) the covered entity's efforts to correct the violation.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article