Summary
Adds Chapter 183 to the Health & Safety Code to set requirements for Electronic Health Records. Requires EHRs containing patient information to be physically stored in the United States (including third‑party/cloud hosting), restricts non‑clinical data (e.g., credit score or voter registration) in EHRs, and mandates reasonable administrative/technical safeguards. Authorizes clinicians to use AI for diagnostic support with disclosure to patients and subject to medical‑board standards; requires parental access to minors’ records (with lawful exceptions). Directs regulators to ensure EHRs include fields for biological sex and sexual development disorders and that embedded decision‑support tools account for recorded biological sex. Enforcement includes injunctive relief and civil penalties; most provisions effective Sept. 1, 2025, with data‑localization storage applying Jan. 1, 2026.
Healthcare Implications
Significant operational impacts for hospitals, practices, and Electronic Health Record/cloud vendors: data localization will drive vendor due‑diligence and potential migrations; AI‑assisted diagnosis is expressly permitted but must include patient disclosure and human oversight. Mandatory biological‑sex fields affect documentation, reporting, and how CDS/AI tools leverage demographic variables; compliance programs should update templates, audit access controls, and ready for civil‑penalty exposure.