The Federal Health Insurance Portability and Accountability Act (HIPAA) and the Texas Medical Records Privacy Act (TMRPA) exist to protect the personal health information (PHI) of patients. These Acts contain enforcement mechanisms that penalize doctors and other medical professionals who violate them by disclosing PHI. For instance, Tex. Health and Safety Code § 181.202 provides that violations of TMRPA can result in the imposition of civil penalties and the revocation of professional licenses. 

Tex. Occ. Code § 159.002, which applies to physicians’ conduct, also outlines physicians’ responsibilities concerning the confidentiality of patient information and disclosure of that information. TMB Rule § 190.8(2)(N) also classifies failing to maintain the confidentiality of a patient as “unprofessional and dishonorable conduct that is likely to deceive, defraud, or injure the public within the meaning of the Texas Medical Practice Act. 

As a result, violations of HIPAA, TMRPA, the Texas Medical Practice Act, and related provisions that govern doctors concerning confidential patient information could result in disciplinary action against doctors, including the suspension and revocation of medical licenses. When you are facing disciplinary proceedings, you need the guidance of an experienced professional medical license defense lawyer. 

Examples of HIPAA, TMRPA, and Patient Confidentiality Violations

The most common types of HIPAA, TMRPA, and patient confidentiality violations occur in the ordinary course of medical practice. Doctors must be careful in their daily duties to avoid such common violations, such as:

  • Failing to store patient information and records securely
  • Talking about or communicating patient information to others
  • Using your personal email account or computer to access patient information
  • Leaving patient information open and accessible on a computer screen or documents when you are not present
  • Allowing employees to access unauthorized patient information
  • Permitting employees to share your or others’ logins, which may allow access to unauthorized patient information 
  • Posting patient information on websites or social media

A big factor in avoiding these violations is instituting strict policies for handling patient information among all staff members. In addition, you should ensure that regular training occurs concerning patient confidentiality and the procedures necessary to avoid violating these laws. While an isolated violation may not always lead to the loss of your medical license, a pattern or history of repeated violations could be costly and jeopardize your license. 

Disciplinary Proceedings and the Texas Medical Board

The Texas Medical Board (TMB) has the authority over the investigation and discipline of physicians if a complainant alleges that they have violated the Texas Medical Practice Act or TMB Rules. If the TMB investigates and determines that a violation of the law or rules has occurred, it can take disciplinary action against the physician. 

If the TMB determines that a professional has violated the Act, they can impose one or more sanctions and administrative penalties. In most cases, these sanctions come by agreement of the parties in the form of an Agreed Board Order. However, when the parties cannot reach an agreement, they come by order of the TMB following formal disciplinary proceedings. 

How the TMB Determines What Sanctions You May Receive

The type of sanctions that you could receive for a HIPAA violation or any other type of violation depends on the severity and frequency of the violations and any history of disciplinary actions. Available sanctions that the TMB can impose under Tex. Occ. Code § 164.001 includes license suspension or revocation, placement on probation for those with suspended licenses, administration of a public reprimand, and assessment of an administrative penalty. 

Depending on the nature of the violation, the TMB may also require the doctor to complete additional continuing education or training. For instance, a HIPAA or TMRPA violation might cause the TMB to order the physician to complete additional training on doctor-patient confidentiality, ethics, or HIPAA and TMRPA. 

The TMB must consider specific factors in determining what sanctions are justified in disciplinary proceedings. These factors include:

  • Whether you are being disciplined for multiple violations of the law and rules
  • Whether you have a history of previous disciplinary actions
  • Whether the violation relates to patient care or merely administrative matters

Rule § 190.14(9) lists the standard range of sanctions for different violations. For breach of confidentiality by a doctor, which constitutes unprofessional conduct likely to injure the public under Rule 190.8(2)(N), the potential sanctions range from:

  • A remedial plan that provides for the completion of eight hours of risk management CME, including HIPAA, and a $500 administration fee to
  • An Agreed Order or public reprimand, completion of CME in risk management and HIPAA, a $3,000 fine per occurrence, and the JP exam

Therefore, an isolated incident for a doctor with no previous disciplinary history will likely result in a much more lenient sanction. Conversely, the sanction is likely to be much more severe for a doctor with a long disciplinary history and a pattern of HIPAA violations combined with other violations. 

Furthermore, if you receive a remedial plan or sign an Agreed Order and fail to comply with its terms, you commit an independent violation of the Act. Therefore, you can face further discipline for the original violation and face additional sanctions for a new violation. 

We Are Here to Defend You Before the TMB

When you receive a complaint from TMB that could impact your medical license, whether it is based on a HIPAA violation or another issue, you may be unsure where to turn first. Our medical license defense attorneys stand ready to represent your interests and defend you from the allegations against you. Call us today at (512) 515-9518 to reach the offices of Bertolino LLP or contact us online.

Call or text (512) 476-5757 or complete a Case Evaluation form