Skip to main content

Handling of Sensitive Personal Information and Breach Notification (IL 2021-09)

Last updated on

IL 2021-09 Handling of Sensitive Personal Information and Breach Notification (PDF) is published. This letter replaces IL 2012-86, Handling of Sensitive Personal Information and Breach Notification. It gives updated information about:

  • Responsibilities and requirements for protecting sensitive personal information received from Texas Health and Human Services Commission.
  • Notifying HHSC of a breach of sensitive personal information.

The provider or agency must use appropriate safeguards as part of the HHSC contract. These safeguards protect sensitive personal information from unauthorized disclosure acquisition. They include maintaining sensitive personal information away from unauthorized people in a way that is:

  • Unusable.
  • Unreadable.
  • Indecipherable.

The Guidance to Render Protected Health Information Unusable, Unreadable, or Indecipherable to Unauthorized Individuals page can help providers and agencies determine how to meet this standard.