The U.S. Department of Health and Human Services' (HHS) Substance Abuse and Mental Health Services Administration (SAMHSA) has released proposed changes to the Confidentiality of Alcohol and Drug Abuse Patient Records regulations (45 C.F.R. Part 2) for the first time since 1987. The proposed changes address challenges that 42 C.F.R. Part 2 programs have faced since the health industry began adopting electronic health information records systems. To that end, the revisions set out in the February 9, 2016 proposed rule are largely meant to facilitate the transfer of information in Health Information Exchanges (HIEs) and establish protection for substance abuse records in the electronic health records environment. The proposed rule will enable entities to properly vet HIEs, ensure that patients can receive appropriate emergency care and disclose patient information in a less segmented manner, facilitating greater coordinated patient care.
Originally enacted in 1975, the law governing the confidentiality of substance abuse records was written to protect the confidentiality of patient records (specifically patient identity, diagnoses, prognoses, and treatment) "in any federally assisted program or activity relating to substance abuse education, prevention, training, rehabilitation or research." The proposed rule seeks to maintain the balance established by the existing rule for accessing information for treatment with the need to protect patients – due to the potential for negative effects if the records are exposed. These include loss of housing, loss of child custody, discrimination by medical professionals and insurers, loss of employment, arrest, prosecution and incarceration.
Specific changes in the proposed rule include, among others:
- Allowing patients to use a general designation for disclosure of information (such as a treatment facility, instead of a specific treatment provider).
- Requiring Part 2 programs or holders of patient identifying information to include a statement on the disclosure consent form explaining that patients have the right to request and obtain a list of entities to which their information has been disclosed.
- Clarifying that only information that indirectly or directly identifies an individual as having been diagnosed, treated, or referred for treatment for a substance abuse disorder is prohibited from re-disclosure.
- Adapting the medical emergency exception regulatory language to match the statutory language, thus allowing providers greater flexibility in determining when a "bona fide medical emergency" exists.
- Revising research exceptions.
- Permitting audits or evaluations necessary to meet the requirements of accountable care or similar organizations regulated by CMS, including a CMS-regulated Qualified Entity.
SAMHSA is specifically soliciting public input on the following:
- Whether or not to expand data linkages for researchers beyond federal data repositories – and if yes – to describe confidentiality, privacy, and security safeguards in place for non-federal repositories and whether those safeguards are sufficient to protect the security and confidentiality of patient information; and
- Whether patients should be able to determine the specific members or participants authorized to receive their information from an organization that is an "intermediary" and what changes this would require for the consent form.
According to HHS, the proposed rule provides "more stringent federal protections for patients with substance use disorders records than most other health privacy laws, including HIPAA." The comment period is open until April 11, 2016, through mail, hand delivery, or courier and the Federal eRulemaking Portal.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.