THSA Strengthens SECURETexas Privacy and Security Certification

Partnerships with industry experts to assist covered entities in enhancing privacy and security compliance

The Texas Health Services Authority (THSA) (@THSA_HealthIT) is pleased to announce that it has strengthened its privacy and security certification program, known as SECURETexas, by partnering with multiple industry experts. These industry partners, who were selected as SECURETexas Preferred Vendors, work with covered entities to ensure compliance with privacy and security regulations, ultimately protecting the sensitive health information of Texas residents.

Preferred vendors enrolled to conduct assessments for SECURETexas certifications include:

“THSA’s Preferred Vendor Program is designed to leverage the experience of a diverse range of industry partners who have deep expertise in the health IT privacy and security sector in Texas,” said George Gooch, chief executive officer of THSA. “Covered entities in Texas will benefit from SECURETexas certification, which ensures safeguards are in place to comply with federal and state regulations, helping organizations of all sizes avoid government sanctions.”

The THSA is a public-private partnership created by the Texas Legislature in 2007 to promote, implement and facilitate the secure electronic exchange of health information. One of the ways the THSA accomplishes this purpose is through the SECURETexas certification program. In 2011, the Texas Legislature authorized THSA to identify relevant security and privacy standards and develop a certification program covered entities could use to demonstrate compliance with federal and state health information protection requirements.

“PwC is proud to partner with the Texas Health Services Authority as a SECURETexas Preferred Vendor, helping health care organizations ensure that their use of protected health information complies with privacy and security regulations,” said Mick Coady, health information privacy and security partner at PricewaterhouseCoopers. Coady believes in better health care network protection because “the network itself becomes a very vulnerable spot, and in the meantime we’re taking everything from paper to electronic medical records, so it just becomes kind of a whirlwind of a place where more risk is exposed than needs to be at the time.”

“As the world becomes more digitized and hyperconnected, cyberattackers are becoming increasingly sophisticated in their attempts to breach health systems’ security infrastructure,” said Sue Arthur, vice president of Health, Life Sciences and Regulated Industries for the Americas region at DXC Technology. “DXC’s integrated set of industry-leading security services will help the THSA better protect health information in the state of Texas.”

Preferred vendors will execute key elements of the SECURETexas certification program and assist covered entities in the following:

  • Assessments for certification. The SECURETexas certification is available for covered entities and business associates operating in Texas that are subject to privacy and security regulations. Certification involves conducting a security and privacy assessment against the SECURETexas standards, engaging a SECURETexas Preferred Vendor to evaluate the covered entity’s compliance programs, and updating programs and implementing any needed changes based on the assessments. Once this process is complete, THSA reviews the results and awards certification if qualifications are met.
  • Validating compliance. Under the Texas Medical Records Privacy Act, enforcement penalties can range up to $1.5 million annually. The Act also provides that certification can be a mitigating factor when a court or state licensure agency imposes a penalty for violation of the Act. Additionally, as breaches become more widely known, providers, payers and patients are becoming more concerned about the privacy and security of records. A certified entity can demonstrate its commitment to securing information appropriately.
  • Ongoing assessment. Certification provides additional motivation for covered entities to continually assess and validate their compliance. The THSA will conduct a “check-in” with certified entities one year after certification to look for sentinel events or other changes that would impact the entity’s compliance. Entities must be reassessed in full every two years in order to maintain certification.

About THSA
The Texas Health Services Authority (THSA) was established by the Texas Legislature for the purpose of promoting, implementing and facilitating the secure electronic exchange of health information. The THSA accomplishes this purpose through its health information exchange (HIE) and privacy and security certification and supporting programs.