Is Novig allowed in Texas? Yes—Novig, the digital health‑verification platform, is presently permissible under Texas law, but operators must navigate a patchwork of privacy, data‑security, and consumer‑protection statutes. Starting 1 January 2026, the Texas Department of State Health Services will enforce a new rulebook that tightens consent requirements, mandates third‑party audits, and imposes heavier penalties for non‑compliance. Ignoring these upcoming changes could expose businesses to civil fines up to $10,000 per violation and jeopardize licensure.
Current Legal Status in Texas
Novig operates as a “health‑information service” under the Texas Health and Safety Code §181.002, which permits electronic transmission of medical data when the provider obtains explicit, written consent. The Texas Business and Commerce Code also treats Novig as a data‑broker, requiring adherence to the Texas Identity Theft Enforcement and Protection Act. As long as firms secure informed consent, encrypt data in transit and at rest, and allow patients to revoke access, the platform remains lawful.
2026 Regulatory Changes
The 2026 rule, codified in Texas Administrative Code 22 TAC 120, introduces three core obligations:
- Enhanced Consent – Consent forms must be digital, timestamped, and stored for a minimum of five years.
- Third‑Party Audits – Independent auditors will verify encryption standards and privacy‑impact assessments annually.
- Penalty Structure – Violations will trigger tiered fines: $1,000 for first‑time minor breaches, escalating to $10,000 for repeated or severe infractions.
These rules aim to align Texas’s framework with the national “Digital Health Act” while preserving patient autonomy.
Impact on Texas Businesses
Health providers, insurers, and tele‑medicine startups must revise their onboarding workflows. Integration of a compliant e‑signature solution and routine audit scheduling are now budget items. Failure to adapt could result in loss of the ability to transmit records electronically, forcing a costly return to paper‑based processes. Moreover, insurers may deny coverage for services rendered through non‑compliant platforms, exposing providers to revenue risk.
Compliance Checklist Before 2026
- Update consent language to meet 2026 timestamp requirement.
- Deploy AES‑256 encryption for all stored and transmitted data.
- Contract an accredited audit firm for annual assessments.
- Train staff on the right to revoke access and the procedure for data deletion.
- Establish a breach‑response protocol that includes notification within 72 hours.
Frequently Asked Questions
Does Novig need a Texas medical license to operate?
No—Novig is classified as a technology service. However, any entity using Novig to exchange medical records must hold a valid Texas health‑care provider license.
What constitutes “explicit consent” under the new rules?
Explicit consent requires a digital signature, a clear description of data use, and a timestamp. Verbal consent or pre‑checked boxes no longer satisfy the requirement.
Are there exemptions for emergency situations?
Yes—Section 181.014 allows temporary waiver of consent when a patient is incapacitated and immediate care is required, provided the waiver is documented within 24 hours.
How will the audit requirement be enforced?
The Department will publish a list of approved auditors. Non‑compliance with the audit schedule triggers a mandatory corrective‑action order and may lead to fines.
Can a patient revoke consent retroactively?
Patients may withdraw consent at any time. Upon revocation, all of their data must be deleted or anonymized within 30 days, and any third parties must be notified of the change.