 ATTORNEY GENERAL OF TEXAS GREG ABBOTT | |
 |
January 12, 2011 Ms. Nneka C. Egbuniwe Deputy General Counsel Parkland Health and Hospital System 5201 Harry Hines Boulevard Dallas, Texas 75235 OR2011-00627 Dear Ms. Egbuniwe: You ask whether certain information is subject to required public disclosure under the Public Information Act (the "Act"), chapter 552 of the Government Code. Your request was assigned ID# 405730. The Dallas County Hospital District d/b/a Parkland Health & Hospital System (the "system") received a request for any information from 2000 to the date of the request, held by the system's North Texas Poison Center, related to injuries caused by drain cleaning products, including identifying information for any products of a specific brand involved. You assert that the system is not the proper entity to respond to the instant request. In the alternative, you assert that the submitted information is not subject to the Act. In the event the information is subject to the Act, you argue that the submitted information is excepted from disclosure under sections 552.101 and 552.110 of the Government Code. You believe that release of this information may implicate the interests of the Texas Department of State Health Services ("DSHS") and the Commission on State Emergency Communications ("CSEC"). Accordingly, you have notified DSHS and CSEC of the request and of their right to submit arguments to this office as to why the information should not be released. See Gov't Code § 552.304 (interested party may submit comments stating why information should or should not be released). We have considered your arguments and reviewed the submitted representative sample of information. (1) We first address your assertion that the system is not the proper entity to respond to the instant request. Section 552.002 of the Government Code defines public information as "information that is collected, assembled, or maintained under a law or ordinance or in connection with the transaction of official business: (1) by a governmental body; or (2) for a governmental body and the governmental body owns the information or has a right of access to it." Id. § 552.002(a). You provide documentation showing that, pursuant to a contract with CSEC, the system operates as part of the Texas Poison Control Network. (2) Under the contract, CSEC provides grant funds to the system, and the system provides coordinated poison control activities within a designated region, as required by chapter 777 of the Health and Safety Code. You assert that pursuant to this contract, the requested information is collected by the system on behalf of CSEC, and that the information is maintained in the Texas Poison Control Network's database. While the contract provides that such information must be made available to CSEC in the event it receives a public information request, it does not preclude the system from responding to requests that it may receive. We find that the system either has physical custody or a right of access to the information at issue, and that the information is collected, assembled, and maintained by the system in connection with the transaction of official system business. Accordingly, we conclude that the system is the proper entity to respond to the instant request. You next contend that, pursuant to section 181.006 of the Health and Safety Code, the requested information is not public information subject to the Act. Section 181.006 states that: For a covered entity that is a governmental unit, an individual's protected health information: (1) includes any information that reflects that an individual received health care from the covered entity; and (2) is not public information and is not subject to disclosure under [the Act]. Health & Safety Code § 181.006. Subsection 181.006(2) does not remove protected health information from the Act's application, but rather states this information is "not public information and is not subject to disclosure under [the Act]." We interpret this to mean a covered entity's protected health information is subject to the Act's application. Furthermore, this statute, when demonstrated to be applicable, makes confidential the information it covers. Thus, we will consider your arguments for this information. Section 552.101 of the Government Code excepts from disclosure "information considered to be confidential by law, either constitutional, statutory, or by judicial decision." Gov't Code § 552.101. Section 552.101 encompasses information protected by other statutes, such as section 181.006 of the Health and Safety Code. As noted above, section 181.006 states that "[f]or a covered entity that is a governmental unit, an individual's protected health information . . . is not public information and is not subject to disclosure under [the Act]." Health & Safety Code § 181.006. A "covered entity" is, in part, "any person who: (A) for commercial, financial, or professional gain, monetary fees, or dues, or on a cooperative, nonprofit, or pro bono basis, engages, in whole or in part, and with real or constructive knowledge, in the practice of assembling, collecting, analyzing, using, evaluating, storing, or transmitting protected health information. The term includes a business associate, health care payer, governmental unit, information or computer management entity, school, health researcher, health care facility, clinic, health care provider, or person who maintains an Internet site[.]" Id. § 181.001(b)(2). You inform us that the system operates a poison control center that maintains health information for the individuals it serves, including information showing that an individual received medical care. You assert that the information collected, used, and stored by the system consists of protected health information. Thus, you claim that the system is a covered entity for the purposes of section 181.006 of the Health and Safety Code. In order to determine whether the system is a covered entity for the purposes of section 181.006 of the Health and Safety Code, we must address whether the system engages in the practice of "assembling, collecting, analyzing, using, evaluating, storing or transmitting protected health information." Id. Section 181.001 states that "[u]nless otherwise defined in this chapter, each term that is used in this chapter has the meaning assigned by the Health Insurance Portability and Accountability Act and Privacy Standards ["HIPAA"]." Id. § 181.001(a). Accordingly, as chapter 181 does not define "protected health information," we turn to HIPAA's definition of the term. HIPAA defines "protected health information" as individually identifiable health information that is transmitted or maintained in electronic media or any other form or medium. See 45 C.F.R. § 160.103. HIPAA defines "individually identifiable health information" as information that is a subset of health information, including demographic information collected from an individual, and: (1) is created or received by a health care provider, health plan, employer, or health care clearinghouse; and (2) relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and (i) That identifies the individual; or (ii) With respect to which there is a reasonable basis to believe the information can be used to identify the individual[.] Id. HIPAA defines "health care provider" as a person or organization who furnishes, bills, or is paid for health care in the normal course of business. Id. Further, "health care" is defined as "care, services, or supplies related to the health of an individual." Id. You state that the system "coordinate[s] the poison control activities and provide[s] educational and medical services to patients on behalf of CSEC within its designated geographic region." You further inform this office that "[a]s part of providing poison control-related health care to patients, [the system] collects and stores information for CSEC, including but not limited to the patient's medical history and information regarding the current issue for which the patient is receiving health care." The information at issue consists of the system's poison control center's records that contain individually identifiable health information for purposes of section 160.103 of title 45 of the Code of Federal Regulations. Thus, the submitted records consist of protected health information for purposes of section 181.006 of the Health and Safety Code. Therefore, with respect to the information at issue, the system is a health care provider that is in the practice of assembling, collecting, using, storing, and transmitting protected health information and, consequently, is a covered entity for purposes of section 181.006 of the Health and Safety Code. Accordingly, the system must withhold the protected health information you have submitted under section 552.101 of the Government Code in conjunction with section 181.006 of the Health and Safety Code. As our ruling is dispositive, we do not address your remaining arguments against disclosure. This letter ruling is limited to the particular information at issue in this request and limited to the facts as presented to us; therefore, this ruling must not be relied upon as a previous determination regarding any other information or any other circumstances. This ruling triggers important deadlines regarding the rights and responsibilities of the governmental body and of the requestor. For more information concerning those rights and responsibilities, please visit our website at http://www.oag.state.tx.us/open/index_orl.php, or call the Office of the Attorney General's Open Government Hotline, toll free, at (877) 673-6839. Questions concerning the allowable charges for providing public information under the Act must be directed to the Cost Rules Administrator of the Office of the Attorney General, toll free at (888) 672-6787. Sincerely, Misty Haberer Barham Assistant Attorney General Open Records Division MHB/eeg Ref: ID# 405730 Enc. Submitted documents c: Requestor (w/o enclosures) Footnotes1. We assume that the "representative sample" of records submitted to this office is truly representative of the requested records as a whole. See Open Records Decision Nos. 499 (1988), 497 (1988). This open records letter does not reach, and therefore does not authorize the withholding of, any other requested records to the extent that those records contain substantially different types of information than that submitted to this office. 2. You state that DSHS and CSEC jointly administered the Texas Poison Control Network until May 1, 2010, when responsibility shifted solely to CSEC.
POST OFFICE BOX 12548, AUSTIN, TEXAS 78711-2548 TEL: (512) 463-2100 WEB: WWW.OAG.STATE.TX.US |