88R12984 JG-D     By: Vasut H.B. No. 4589       A BILL TO BE ENTITLED   AN ACT   relating to restrictions on the use of digital identification   systems for patient health care records.          BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF TEXAS:          SECTION 1.  Subtitle I, Title 2, Health and Safety Code, is   amended by adding Chapter 183 to read as follows:   CHAPTER 183. DIGITAL IDENTIFICATION SYSTEMS FOR HEALTH CARE   RECORDS          Sec. 183.001.  DEFINITIONS. In this chapter:                (1)  "Covered entity" has the meaning assigned by   Section 181.001.                (2)  "Digital identification system" means an   electronic system that uses digital technology throughout the   process of identifying an individual, including:                      (A)  data capture, validation, storage, and   transfer;                      (B)  credential management; and                      (C)  identity verification and authentication.                (3)  "Health care provider" means a person who is   licensed, certified, or otherwise authorized to provide or render   health care in this state in the ordinary course of business or   practice of a profession.          Sec. 183.002.  CONSENT REQUIREMENT FOR USE OF DIGITAL   IDENTIFICATION SYSTEMS. (a) Unless a covered entity or health care   provider obtains a patient's written informed consent, the entity   or provider may not:                (1)  use a digital identification system, including a   system created or operated by this state, to store a patient's   health care records, including genetic or biological information;   or                (2)  require the use of a digital identification system   for a patient to access the patient's health care records.          (b)  A health care provider may not coerce a patient to   consent to the use of a digital identification system, including by   requiring consent as a condition of receiving health care services   or treatment from the provider.          Sec. 183.003.  COMMERCIAL USE PROHIBITED WITHOUT   COMPENSATION. A covered entity or health care provider who obtains   a patient's written informed consent under Section 183.002 may not   use the patient's health care records for commercial gain in any   manner unless the entity or provider provides reasonable   compensation to the patient.          Sec. 183.004.  CONFIDENTIALITY. (a)  A covered entity or   health care provider who obtains a patient's written informed   consent under Section 183.002 shall ensure the patient's health   care records are kept confidential in accordance with applicable   state and federal law.          (b)  A covered entity or health care provider shall ensure   that a patient's health care records do not include identifying   information when the entity or provider shares the records in   accordance with the patient's written informed consent provided   under Section 183.002.          Sec. 183.005.  ENFORCEMENT. A violation of this chapter by a   covered entity or health care provider constitutes a violation of   Chapter 181 and the entity or provider is subject to enforcement   actions under Subchapter E of that chapter, including disciplinary   action by the appropriate licensing authority.          Sec. 183.006.  RULES. The executive commissioner shall   adopt rules to implement this chapter.          SECTION 2.  Chapter 183, Health and Safety Code, as added by   this Act, applies only to the use of a digital identification system   that occurs on or after the effective date of this Act.          SECTION 3.  This Act takes effect September 1, 2023.