The new Information Letter No. 2021-09 updates responsibilities and requirements for healthcare providers in Texas, including nursing homes, regarding the protection of sensitive personal information and breach notification. Providers must use appropriate safeguards to protect sensitive personal information from unauthorized disclosure or acquisition, ensuring the information is unusable, unreadable, or indecipherable to unauthorized persons. In case of a breach, providers must notify the Texas Health and Human Services Commission (HHSC) within 10 business days using Form 0402 Potential Privacy/Security Incident. The provider must also disclose the breach to affected individuals or pay the expenses associated with HHSC providing the notification. Exceptions may be made if law enforcement determines that notification would impede a criminal investigation. To report a breach, providers must email a completed Form 0402 to the HHS Privacy Division. This update replaces the previous Information Letter IL2012-86.

Summaries are generataed using AI. Check important information.