SUBCHAPTER B. AUTHORIZED DISCLOSURE OF CERTAIN HEALTH INFORMATION
Sec. 602.051. AUTHORIZATION FOR DISCLOSURE OF CERTAIN HEALTH INFORMATION. (a) Except as provided by Section 602.053, a covered entity must obtain authorization to disclose nonpublic personal health information before disclosing the information.
(b) A request for authorization to disclose nonpublic personal health information may be in written or electronic form and must:
(1) state the identity of the consumer or customer who is the subject of the information;
(2) describe:
(A) each type of information to be disclosed;
(B) each party to whom the covered entity intends to disclose the information;
(C) the purpose of the disclosure;
(D) how the information will be used; and
(E) the procedure for revoking the authorization;
(3) include the signature of:
(A) the consumer or customer who is the subject of the information; or
(B) the individual who is legally empowered to grant authorization;
(4) state the date the authorization is signed; and
(5) provide notice of:
(A) the period for which the authorization is valid; and
(B) the consumer's or customer's right to revoke the authorization at any time.
(c) The period for which the authorization is valid may not exceed 24 months.
(d) The right of a consumer or customer to revoke an authorization at any time is subject to the rights of an individual who, before receiving notice of a revocation, acted in reliance on the authorization.
(e) The covered entity shall retain the original or a copy of the authorization in the records of the individual who is the subject of the nonpublic personal health information.
Added by Acts 2003, 78th Leg., ch. 1274, Sec. 2, eff. April 1, 2005.