Just spotted this note on LinkedIn from Ed Goldner. My guess is this might also cover storage of records obtained by, for example, a defense firm collecting medical records of a personal injury plaintiff during discovery.
HIPAA compliance in Texas has been ramped up in September by HB300. Attorneys who collect, store and use client medical records PHI are now covered entities under the new Texas law. The law requires training of all firm staff by this month and training of new employees within 30 days of employment. It also requires significant IT and message security that most of us do not have in place. Huge fines for non compliance. If you lose PHI, you have to notify the client. Anyone out front on this issue?