512-797-6503 info@thsa.org

Should I Get Certified?

If you or your organization uses, stores and/or exchanges protected health information (PHI), then the answer is yes!

Texas Law defines a covered entity as anyone who:

If you or your organization uses, stores and/or exchanges protected health information (PHI), you are considered a “covered entity” as defined by Texas Medical Records Privacy Act and would benefit from certification. Review the define laws by Texas below.  

A. For commercial, financial or professional gain, monetary fees or dues, or on a cooperative, nonprofit or pro bono basis, engages, in whole or in part, and with real or constructive knowledge, in the practice of assembling, collecting, analyzing, using, evaluating, storing or transmitting PHI. The term includes a business associate, health care payer, governmental unit, information or computer management entity, school, health researcher, health care facility, clinic, health care provider or person who maintains an Internet site;

B. comes into possession of PHI;

C. obtains or stores PHI under this chapter; or

D. is an employee, agent or contractor of a person described in (A), (B) or (C) insofar as they create, receive, obtain, maintain, use or transmit PHI.

Ready to talk?

Our team is happy to answer any questions or conerns regrading our products & certification. Click on the button below and we’ll get back to you shortly!

Certification FAQs

Use the accordions to learn about frequently asked questions about the SECURETexas certification. These questions cover a wide range of topics. If your question can not be answer please contact our team with the button below.

What is SECURETexas?

SECURETexas is a state program administered by the THSA offering health care entities privacy and security certification for compliance with state and federal medical privacy and security laws.

Why certify through SECURETexas?

See the benefits above!

How much does SECURETexas Certification cost?

How does my organization become SECURETexas certified?

  1. Are you eligible? Determine whether your organization is an entity who should get certified.
  2. Review the certification standards. Does your entity have policies and procedures covering each of the SECURETexas certification standards?
  3. Conduct a SECURETexas assessment. Contact one of our SECURETexas Preferred Vendors to conduct an assessment of your organization’s compliance against the SECURETexas standards.
  4. Certify your assessment. Once the preferred vendor completes your assessment, the vendor will refer the assessment to the THSA for review and certification.
  5. Re-Certify. SECURETexas certification lasts for two years, at which time the covered entity will re-assess and re-certify their compliance with the SECURETexas standards.

How does this relate to or reduce HIPAA fines and penalties?

  • Between $100-$50,000 for each violation up to a maximum of $1,500,000 for all violations of an identical provision in a calendar year, if the entity did not know of the violation.
  • Between $1,000-$50,000 for each violation up to a maximum of $1,500,000 for all violations of an identical provision in a calendar year, if there was a reasonable cause for the violation.
  • Between $10,000-$50,000 for each violation up to a maximum of $1,500,000 for all violations of an identical provision in a calendar year, if there was a willful neglect but the organization too corrective action.
  • $50,000 for each violation up to a maximum of $1,500,000 for all violations of an identical provision in a calendar year, if there was willful neglect and the organization did not take corrective action.

How does this relate or reduce Texas fines and penalties?

  • $5,000 for each violation that occurs in one year, regardless of how long the violation continues during that year, committed negligently.
  • $25,000 for each violation that occurs in one year, regardless of how long the violation continues during that year, committed knowingly or intentionally.
  • $250,000 for each violation in which the covered entity knowingly or intentionally used PHI for financial gain.
  • Up to $1,500,000 if the court finds that the violations have occurred with a frequency to constitute a pattern or practice.

However, pursuant to Sections 181.201 and 181.205, Health & Safety Code, when imposing civil or administrative penalties against a Texas covered entity for a violation of the Texas Medical Records Privacy Act, the court must consider six factors, including whether the covered entity maintained the SECURETexas certification at the time of the violation. Furthermore, SECURETexas may help prove another mitigating factor – the covered entity’s compliance history – that will reduce the amount of the civil or administrative penalty. The results of the certification can act as evidence of the covered entity’s compliance with the Texas Medical Records Privacy Act.

MORE INFO ON SECURETexas CERTIFICATION

What is SECURETexas

If you or your organization uses, stores and/or exchanges protected health information (PHI), you are considered a “covered entity” as defined by Texas Medical Records Privacy Act and would benefit from certification.

SECURETexas Standards & Vendors

Review the break down of standards and learn how can assist with SECURETexas certifications.

Certification Pricing

SECURETexas certification pricing is based on the covered entity’s number of employees. Please note that certification pricing is in addition to the price paid to the SECURETexas preferred vendor for assessment services.