Go to:

Texas State Privacy Protection Rights

Texas statewide privacy links:

Sponsored

Introduction to Texas Privacy Rights

Texas maintains a unique approach to privacy protection that reflects both its independent spirit and its business-friendly environment. Unlike California, Colorado, and Virginia—which have enacted comprehensive consumer privacy laws—Texas has historically relied on sector-specific privacy statutes rather than omnibus legislation. However, this landscape is rapidly evolving as data breaches become more common and privacy concerns intensify among Texas residents.

The privacy framework in Texas consists of multiple layers: state-specific statutes governing data breach notification, biometric data collection, and identity theft; federal laws like HIPAA and FCRA that apply within the state; and common law privacy protections recognized by Texas courts. The Texas Business and Commerce Code contains several critical privacy provisions, while the Texas Government Code governs public records access through the Texas Public Information Act.

Compared to states with comprehensive privacy laws, Texas offers fewer consumer data rights regarding access, deletion, and opt-out mechanisms. However, Texas has been proactive in certain areas—the state was among the first to regulate biometric data collection through the Capture or Use of Biometric Identifier Act (Texas Business and Commerce Code Chapter 503), passed in 2009, predating similar Illinois legislation that became a national model. Texas also provides robust data breach notification requirements and specific protections for Social Security numbers and sensitive personal information.

As of 2024, Texas legislators have considered several comprehensive privacy bills, though none have yet been enacted. This means Texas residents must understand a patchwork of existing protections while monitoring potential future legislation that could significantly expand their privacy rights.

Texas's State Privacy Laws

Texas privacy protection emerges from several distinct statutes spread across different sections of state code. Understanding these specific laws is essential for Texas residents seeking to protect their personal information.

Data Breach Notification Law

The primary privacy statute affecting most Texas residents is the data breach notification law codified in Texas Business and Commerce Code §521.053. This law requires any person or business that conducts business in Texas and owns or licenses computerized data containing sensitive personal information to disclose any breach of system security to affected Texas residents. The statute defines "sensitive personal information" as an individual's first name or initial and last name in combination with Social Security number, driver's license number, or financial account information.

Under §521.053, notification must be made "without unreasonable delay" and no later than 60 days after discovering the breach. Businesses must also notify the Texas Attorney General if the breach affects 250 or more Texas residents. The notification must be clear and conspicuous, describing the incident in general terms, the type of information compromised, steps taken to protect the data from further unauthorized access, and contact information for consumer reporting agencies.

Biometric Privacy Protections

Texas Business and Commerce Code Chapter 503 regulates the capture and use of biometric identifiers—fingerprints, retina or iris scans, voiceprints, or records of hand or face geometry. Unlike the Illinois Biometric Information Privacy Act, which creates a private right of action, the Texas statute requires companies to inform individuals before capturing biometric data and obtain their consent. Companies must also provide information about the purpose and duration of storage. The law prohibits selling, leasing, or otherwise disclosing biometric identifiers to third parties without consent, though it contains exceptions for law enforcement and security purposes.

Identity Theft Protection

Texas Penal Code §32.51 makes identity theft a criminal offense, while Texas Business and Commerce Code Chapter 521 provides additional consumer protections. Section 521.052 specifically prohibits businesses from intentionally communicating or making available Social Security numbers to the general public, printing Social Security numbers on cards required for access to products or services, or requiring transmission of a Social Security number over the internet unless the connection is secure or the number is encrypted.

Employee Privacy Rights

Texas Labor Code Chapter 52 addresses certain employment privacy issues, though Texas is generally considered an employer-friendly state with fewer worker privacy protections than many jurisdictions. Employers in Texas may conduct drug testing, but the results are confidential under Texas Health and Safety Code §181.101. Texas law does not prohibit employers from requesting access to employees' personal social media accounts, unlike states with explicit social media privacy statutes. However, Texas Labor Code §21.404 prohibits employers from retaliating against employees who refuse to provide access to personal accounts.

Financial Privacy

Beyond federal protections under the Gramm-Leach-Bliley Act, Texas Finance Code Chapter 59 regulates financial institution privacy practices. Texas also adopted the Security Freeze Law (Texas Business and Commerce Code §20.01-§20.09), which allows consumers to place, temporarily lift, or remove a security freeze on their credit reports. Credit reporting agencies must implement the freeze within one business day of receiving the request and may not charge a fee for placement, removal, or temporary lift of the freeze.

Online Privacy Protection

Texas does not have a statute equivalent to California's Online Privacy Protection Act requiring privacy policies. However, Texas Business and Commerce Code §35.47 prohibits deceptive trade practices, which can apply to misleading privacy policies or practices. The Texas Deceptive Trade Practices-Consumer Protection Act (DTPA) provides a private right of action for consumers harmed by false or misleading statements about data practices.

Freedom of Information / Open Records in Texas

The Texas Public Information Act (TPIA), codified in Texas Government Code Chapter 552, establishes the state's open records framework. Enacted in 1973 and substantially amended over the decades, the TPIA embodies the principle that government information belongs to the people and should be accessible unless a specific exception applies.

What the Texas Public Information Act Covers

The TPIA defines "public information" as information collected, assembled, or maintained by or for a governmental body in connection with the transaction of official business. This includes records in any format—paper, electronic, audio, video, or other media. All state agencies, counties, municipalities, school districts, and other governmental entities fall within the act's scope. The law presumes all government information is public unless a specific exception applies.

Exemptions to Public Disclosure

Texas Government Code §552.101-§552.161 enumerate numerous exceptions protecting confidential information from disclosure. Key exemptions include:

How to Request Records

Texas residents and non-residents alike may submit public information requests to any governmental body. The request must be in writing—email, letter, or fax—and should be sent to the governmental body's public information officer or officer for public information requests. The request should reasonably describe the information sought with sufficient detail to enable the governmental body to identify and locate the requested records. Requesters need not state a reason for the request or identify themselves, though providing contact information facilitates communication.

Response Time Requirements

Under Texas Government Code §552.221, governmental bodies must promptly produce public information for inspection, duplication, or both within 10 business days after receiving a written request. If the governmental body cannot produce the information within 10 business days, it must certify this fact in writing to the requestor and to the Attorney General, stating when the information will be available or seeking an Attorney General decision about whether the information falls under an exception.

Fee Schedules

Texas Government Code §552.261 permits governmental bodies to charge reasonable fees for copying public records. The Texas Attorney General has established standard costs: typically $0.10 per page for standard-size copies, actual costs for non-standard reproductions, and personnel time charges for requests requiring extensive programming or manipulation of data. Governmental bodies must provide a written itemized statement of estimated charges exceeding $40 before fulfilling the request. Charges may be waived if releasing the information primarily benefits the general public.

Appeals Process

When a governmental body withholds information based on an exception, it must request an Attorney General decision within 10 business days. The requestor may submit arguments to the Attorney General explaining why the information should be released. The Attorney General must issue a decision within 45 business days, though this deadline may be extended. If the Attorney General determines information must be released and the governmental body disagrees, the governmental body must file suit within 30 calendar days or release the information. Requestors may also file suit in Travis County district court if they believe information has been wrongfully withheld.

HIPAA and Health Privacy in Texas

The Health Insurance Portability and Accountability Act (HIPAA) establishes federal baseline protections for medical information that apply throughout Texas. HIPAA's Privacy Rule regulates how covered entities—healthcare providers, health plans, and healthcare clearinghouses—may use and disclose protected health information (PHI). Texas residents have HIPAA rights to access their medical records, request corrections, receive an accounting of disclosures, and file complaints with the U.S. Department of Health and Human Services Office for Civil Rights.

Texas-Specific Health Privacy Laws

Texas provides additional health privacy protections beyond HIPAA's federal floor. The Texas Medical Records Privacy Act (Texas Health and Safety Code Chapter 181) applies to covered entities under HIPAA and extends to some entities not covered by federal law. Chapter 181 requires written authorization for most disclosures of protected health information and mandates specific elements for valid authorizations.

Texas Health and Safety Code §181.154 requires healthcare providers to notify patients when their electronic health information is improperly accessed, acquired, or disclosed. This state-level breach notification obligation exists alongside HIPAA's federal breach notification requirements and may apply in circumstances where HIPAA notification is not triggered.

Mental health records receive heightened protection under Texas Health and Safety Code Chapter 611. These records are confidential and may not be disclosed except with patient consent or as specifically authorized by statute. The law recognizes that mental health information is particularly sensitive and creates stricter standards for disclosure than apply to general medical records.

Protecting Your Medical Records

Texas residents should exercise their rights under both HIPAA and state law. Request a copy of your Notice of Privacy Practices from healthcare providers, which explains how they may use your information. Consider signing a HIPAA authorization only when necessary and limiting its scope. You may request an accounting of disclosures to learn who has accessed your medical records. If you believe your medical privacy has been violated, file complaints with both the Texas Health and Human Services Commission and the federal Office for Civil Rights.

Consumer Data Privacy Rights in Texas

Unlike California, Virginia, Colorado, Connecticut, and Utah, Texas has not enacted a comprehensive consumer privacy law granting residents broad rights to access, delete, correct, or opt out of the sale of their personal information. Texas consumers must instead rely on sector-specific state laws and federal privacy protections.

Current Consumer Rights

Texas consumers have limited statutory rights regarding data collected by private companies. The biometric privacy law (Texas Business and Commerce Code Chapter 503) provides consent and notice rights specifically for biometric data. The data breach notification law (Texas Business and Commerce Code §521.053) ensures consumers learn when their sensitive information has been compromised, enabling them to take protective action.

The Texas Deceptive Trade Practices-Consumer Protection Act (Texas Business and Commerce Code Chapter 17) prohibits false, misleading, or deceptive acts or practices, including misrepresentations about how consumer data will be collected, used, or shared. Consumers who suffer economic damages from such violations may sue for actual damages, and courts may award up to three times actual damages in certain circumstances.

Opt-Out Rights and Data Broker Removal

Texas law does not currently provide a general opt-out right for the sale of personal information. However, Texas residents may exercise opt-out rights under federal law and can take practical steps to limit data broker exposure. The Fair Credit Reporting Act allows consumers to opt out of prescreened credit and insurance offers by calling 1-888-567-8688 or visiting optoutprescreen.com.

To remove information from data brokers and people-search sites, Texas residents must typically submit individual opt-out requests to each company. Major data brokers like Spokeo, Whitepages, BeenVerified, and Intelius maintain opt-out processes, though these vary by company. Some require visiting a specific URL, completing a form with identifying information, and verifying the request through email. Others accept opt-out requests by mail. Be aware that information may reappear if data brokers obtain updated records from public sources.

Credit Report Rights Under FCRA

The Fair Credit Reporting Act provides Texas residents with important privacy rights regarding credit reporting. Consumers may request one free credit report annually from each of the three major credit bureaus—Equifax, Experian, and TransUnion—through annualcreditreport.com. Review these reports for accuracy and dispute any errors directly with the credit bureaus.

Texas Business and Commerce Code Chapter 20 supplements federal law by allowing consumers to place a security freeze on credit reports without charge. Once frozen, credit bureaus cannot release your credit report without your authorization, preventing identity thieves from opening new accounts in your name. You may temporarily lift the freeze when applying for legitimate credit using a PIN or password provided when establishing the freeze.

Employment Background Checks & Privacy in Texas

Texas employers frequently conduct background checks on job applicants and employees, but both federal and state laws impose certain limitations to protect privacy and prevent discrimination.

Fair Credit Reporting Act Requirements

When Texas employers use third-party background check companies (consumer reporting agencies), they must comply with the Fair Credit Reporting Act. Employers must obtain written consent before procuring a background check, provide a copy of the report if taking adverse action based on its contents, and give the applicant an opportunity to dispute inaccurate information. The FCRA also limits how far back certain negative information may be reported—most non-conviction records older than seven years should not appear, though this limitation does not apply to positions with salaries exceeding $75,000.

What Texas Employers Can Access

Texas employers may access criminal history records through the Texas Department of Public Safety's Crime Records Service or through private background check companies. Texas has no law limiting how far back criminal history checks may extend, meaning felony and misdemeanor convictions can appear indefinitely unless sealed or expunged.

Employers may check credit reports for employment purposes with applicant consent, though Texas Labor Code §23.001 prohibits employers from taking adverse action based on credit reports in certain circumstances unless the information is substantially related to the employee's current or potential job. This provides limited protection compared to states that more strictly regulate employment credit checks.

Ban-the-Box and Fair Chance Hiring

Texas does not have a statewide ban-the-box law prohibiting employers from asking about criminal history on initial job applications. However, several Texas cities have enacted local ordinances. Austin's fair chance hiring ordinance prohibits city departments and contractors from inquiring about criminal history until after a conditional job offer. San Antonio and Dallas have similar policies for city employment.

For positions requiring licenses, Texas Occupations Code Chapter 53 limits how licensing authorities may consider criminal history. Authorities must consider the nature and gravity of the crime, the relationship between the crime and the occupation, and the time elapsed since the offense or completion of sentence. This framework promotes fair consideration of applicants with criminal records for licensed occupations.

Criminal Record Accessibility and Expungement

Criminal records in Texas remain accessible indefinitely unless expunged or sealed through an order of nondisclosure. Expunction (Texas Code of Criminal Procedure Chapter 55) completely destroys records and is available for arrests not resulting in conviction, certain acquittals, pardoned offenses, and identity theft situations. Once expunged, the record is legally considered never to have occurred.

Orders of nondisclosure (Texas Government Code Chapter 411, Subchapter E-1) seal records from public access but do not destroy them. Law enforcement and certain licensing agencies may still access sealed records. Individuals convicted of certain misdemeanors and placed on deferred adjudication may petition for nondisclosure after waiting periods ranging from immediate eligibility to five years, depending on the offense.

Disputing Inaccurate Records

If a background check contains inaccurate information, dispute it with both the background check company and the Texas Department of Public Safety if the error originated in state criminal records. Submit a Challenge to Criminal History Record form to DPS Crime Records Service, P.O. Box 15999, Austin, TX 78761-5999. Include fingerprints and documentation supporting your challenge. DPS must respond within 30 days, and you may appeal denials through an administrative hearing process.

Protecting Yourself in Texas

Texas residents can take concrete steps to enhance their privacy and protect personal information from unauthorized access and misuse.

Step 1: Opt Out of People-Search Sites

Begin by identifying which people-search sites display your information. Search your name on major sites including Spokeo, Whitepages, BeenVerified, Intelius, PeopleFinder, and MyLife. Each site maintains its own opt-out process:

This process is time-consuming, and information may reappear when sites refresh data from public sources. Consider using privacy services like DeleteMe or Privacy Duck that submit removal requests on your behalf for a fee, though you can accomplish the same results through persistent manual effort.

Step 2: Freeze Your Credit

Place a security freeze with all three credit bureaus to prevent identity thieves from opening accounts in your name. Contact each bureau directly:

Under Texas Business and Commerce Code §20.034, credit bureaus must implement freezes within one business day of receiving requests and may not charge fees for placing, removing, or temporarily lifting freezes. Save the PINs or passwords provided—you'll need them to lift the freeze when applying for credit.

Step 3: Request Record Sealing or Expungement

If you have a Texas criminal record eligible for expunction or sealing, petition the appropriate court. For expunction, file a petition in the court where charges were filed or, if no charges were filed, in the county of arrest. The petition must include case information, offense details, and reasons you qualify for expunction under Texas Code of Criminal Procedure Article 55.01.

For orders of nondisclosure, determine your eligibility under Texas Government Code §411.072-§411.0735. Eligibility depends on the offense, completion of deferred adjudication, waiting periods, and absence of disqualifying subsequent offenses. File a petition in the court that placed you on deferred adjudication. The court will review your petition and may order a criminal history background check. If granted, DPS must seal records within 10 business days.

Step 4: Contact Relevant Texas Agencies

Familiarize yourself with agencies that handle privacy-related matters:

Step 5: Monitor Your Information Regularly

Establish a routine to monitor your personal information. Check credit reports quarterly by staggering requests from the three bureaus throughout the year. Set up Google Alerts for your name to detect when new information appears online. Review privacy settings on social media accounts and limit what information is publicly visible. Use unique, strong passwords for different accounts and enable two-factor authentication wherever available.

Step 6: Secure Your Digital Footprint

Use a virtual private network (VPN) when accessing public Wi-Fi networks. Consider using privacy-focused browsers and search engines that don't track your activity. Review app permissions on mobile devices and revoke unnecessary access to location, contacts, and photos. Regularly delete cookies and browsing history, or use browser privacy modes that don't retain this information.

Texas Data Breach Notification Requirements

Texas Business and Commerce Code §521.053 establishes specific requirements that entities must follow when personal information is compromised in a data breach. Understanding these requirements helps Texas residents know what to expect when their information is exposed and what rights they have.

Who Must Notify

Any person who conducts business in Texas and owns or licenses computerized data that includes sensitive personal information must disclose any breach of system security to affected Texas residents. This applies to both Texas-based companies and out-of-state entities doing business in Texas. Third-party service providers that maintain computerized data on behalf of other businesses must notify the data owner of any breach, and the data owner then bears responsibility for notifying affected individuals.

What Triggers Notification

Notification is required when sensitive personal information was or is reasonably believed to have been acquired by an unauthorized person. "Sensitive personal information" means an individual's first name or first initial and last name in combination with any of the following: Social Security number, driver's license or government-issued identification number, or account/credit/debit card number in combination with any required security code, access code, or password that would permit access to the account.

Timeframe for Notification

Entities must provide notification without unreasonable delay. While the statute does not specify an exact number of days for individual notification, it requires notification to the Texas Attorney General within 60 days of discovering the breach if it affects 250 or more Texas residents. Best practices suggest notifying individuals as quickly as possible once the scope of the breach is determined, typically within 60 days of discovery.

Method and Content of Notification

Notification may be provided by written notice, electronic notice (if consistent with federal E-SIGN Act provisions), or substitute notice if costs exceed $250,000, affected individuals exceed 500,000, or the entity lacks sufficient contact information. Substitute notice includes email if available, conspicuous posting on the entity's website, and notice to major statewide media.

The notification must be clear and conspicuous and include: description of the incident in general terms; type of sensitive personal information subject to unauthorized access; steps taken by the entity to protect individuals from further harm; information individuals can use to protect themselves; and contact information for consumer reporting agencies if Social Security numbers were compromised.

Penalties for Violations

Failure to comply with breach notification requirements constitutes a deceptive trade practice under Texas Business and Commerce Code Chapter 17, subjecting violators to civil penalties up to $100 per individual affected by the breach. The Texas Attorney General may bring enforcement actions seeking injunctive relief and civil penalties. Affected individuals may also have private rights of action under the Deceptive Trade Practices Act for damages resulting from notification failures, though they must prove actual damages.

Children's Privacy in Texas

Texas children receive privacy protections from both federal laws applicable nationwide and certain state-specific provisions addressing student information and online safety.

COPPA Compliance in Texas

The Children's Online Privacy Protection Act (COPPA) applies throughout Texas, requiring operators of websites, online services, and mobile applications directed to children under 13 to obtain verifiable parental consent before collecting, using, or disclosing personal information from children. The Federal Trade Commission enforces COPPA and has brought actions against companies violating the law. Texas parents may file complaints with the FTC at ftc.gov if they believe a service has collected their child's information without proper consent.

Texas Student Data Privacy

Texas Education Code Chapter 32 addresses student data privacy and security. School districts must maintain reasonable safeguards to protect student information, including Social Security numbers, grades, disciplinary records, and special education data. The law requires districts to establish data security policies and provide annual privacy training to employees with access to student data.

Texas Education Code §32.151 requires written consent before releasing a student's educational records, with exceptions mirroring those in the federal Family Educational Rights and Privacy Act (FERPA). Parents have rights to inspect and review their children's educational records, request corrections, and receive notice before schools share directory information like names and photos.

School Records Under FERPA

FERPA applies to all schools receiving federal funding in Texas, giving parents rights to access their children's educational records and control disclosure to third parties. When students turn 18 or attend postsecondary institutions, these rights transfer to the students themselves. Schools must provide access within 45 days of a request and may not disclose personally identifiable information without consent except in specific circumstances such as school transfers, financial aid determinations, or compliance with judicial orders.

Texas parents concerned about student record privacy should submit annual opt-out forms if they do not want directory information released, review their children's records periodically for accuracy, and question how schools use student data with third-party educational technology vendors.

Frequently Asked Questions

Does Texas have a comprehensive data privacy law like California's CCPA?

No, Texas does not currently have a comprehensive consumer data privacy law comparable to the California Consumer Privacy Act (CCPA) or California Privacy Rights Act (CPRA). While Texas legislators have introduced various privacy bills in recent sessions, none have been enacted as of 2024. Texas residents must rely on sector-specific privacy laws covering areas like data breach notification, biometric information, and health records, along with federal privacy protections. However, privacy legislation remains an active topic in the Texas Legislature, and future sessions may consider comprehensive privacy frameworks.

How long do companies have to notify me of a data breach in Texas?

Under Texas Business and Commerce Code §521.053, companies must notify affected individuals "without unreasonable delay" after discovering a breach. While the statute does not specify an exact timeframe for individual notification, companies must notify the Texas Attorney General within 60 days of discovery if the breach affects 250 or more Texas residents. In practice, most companies notify individuals within 30-60 days of confirming the breach scope, though notification may occur sooner if immediate action is needed to protect consumers.

Can I sue a company that violates my privacy rights in Texas?

Your ability to sue depends on which law was violated. Texas law does not provide a general private right of action for privacy violations. However, you may sue under the Texas Deceptive Trade Practices-Consumer Protection Act (DTPA) if a company made false or misleading representations about its data practices and you suffered economic damages as a result. You must typically provide 60 days' written notice before filing suit, giving the company an opportunity to settle. If you prevail, you may recover actual damages and potentially up to three times actual damages if the violation was knowing. For violations of federal laws like HIPAA or FCRA, private rights of action depend on the specific federal statute involved.

How do I remove my mugshot from websites in Texas?

Texas Penal Code §21.19 and Business and Commerce Code §109.001 address mugshot publication websites. The law prohibits soliciting payment to remove or correct criminal record information and allows individuals to request removal without charge if charges were dismissed, they were acquitted, or they received a pardon or expunction. Submit a written request to the website operator including proof of case disposition. If the operator fails to remove the information within 30 days, you may file a complaint with the Texas Attorney General or pursue civil remedies. For arrests resulting in conviction, removal depends on the website's policies unless you obtain an expunction or order of nondisclosure.

Can employers in Texas look at my social media accounts?

Texas has no law prohibiting employers from viewing publicly available social media content. However, Texas Labor Code §21.404 provides limited protection by prohibiting employers from retaliating against employees who refuse to add supervisors or colleagues to their personal social media contact lists or who refuse to provide login credentials for personal accounts. This does not prevent employers from searching for publicly posted information or from requesting access to work-related accounts created for business purposes. To protect your privacy, maintain strict privacy settings on personal social media accounts and avoid posting content you would not want employers to see.

What is the Texas Public Information Act and how does it affect my privacy?

The Texas Public Information Act (Texas Government Code Chapter 552) requires governmental bodies to provide public access to government records unless a specific exemption applies. This means records held by state agencies, counties, cities, school districts, and other government entities are generally public. However, the act contains numerous exceptions protecting personal privacy, including exemptions for home addresses and phone numbers of government employees (§552.102), highly personal or intimate information (§552.101), medical records (§552.139), and ongoing criminal investigations (§552.108). If you submit information to a government agency and believe it contains confidential trade secrets or proprietary information, request confidential treatment in writing and explain which exception applies. The government must then seek an Attorney General opinion before releasing the information.

How do I get my criminal record sealed or expunged in Texas?

Expunction completely destroys criminal records and is available for arrests not resulting in conviction, acquittals, pardoned offenses, certain dismissed cases, and identity theft victims. File a petition for expunction in the court where charges were filed (or county of arrest if no charges were filed) under Texas Code of Criminal Procedure Article 55.01. Orders of nondisclosure seal records from public view but do not destroy them; law enforcement and certain agencies retain access. These are available for some misdemeanor and felony deferred adjudication cases under Texas Government Code Chapter 411, Subchapter E-1, after waiting periods ranging from immediate to five years depending on the offense. File the petition in the court that placed you on deferred adjudication. Both processes require court hearings, and hiring an attorney familiar with Texas expunction law is advisable for navigating the procedural requirements.

What privacy rights do I have regarding my medical records in Texas?

You have rights under both federal HIPAA regulations and Texas Health and Safety Code Chapter 181. You may request copies of your medical records, and providers must supply them within 15 business days under Texas law. You may request corrections to inaccurate information, though providers may deny requests if they believe records are accurate. You may request an accounting of disclosures to learn who accessed your records in the past six years. You may request restrictions on how providers use or share your information, though providers need not agree except for disclosures to health plans when you paid out-of-pocket in full. Mental health records receive additional protections under Texas Health and Safety Code Chapter 611 and generally cannot be disclosed without your written consent. If your health information is improperly accessed or disclosed, providers must notify you under both HIPAA and Texas law.

Last reviewed: Apr 2, 2026 Updated: Apr 2, 2026