On May 31, 2021, the Texas Legislature approved House Bill 3746, which seeks to amend the Texas Business and Commerce Code § 521.053 relating to certain notifications required following a breach of security of computerized data. Notably, the bill directs the Texas attorney general to post on its website a public listing of received data security breach notifications (for any breach involving at least 250 Texas residents) and then update the listing on a monthly basis.

After one year, the attorney general would remove the posted notification if the person who provided the notification has not incurred any additional breaches that impact 250 or more Texas residents during the one-year period. Lastly, the bill provides that any breach notification involving at least 250 residents must also include the number of affected residents who were sent a disclosure of the breach by mail or other direct method of communication at the time of the notification.

Once the bill is signed by Gov. Greg Abbott, these requirements will take effect beginning Sept. 1, 2021, and should remind healthcare providers to proactively monitor for potential data breaches.