The Confidentiality of Substance Use Disorder Patient Records regulations (42 CFR Part 2) have been revised by the Department of Health and Human Services’ Substance Abuse and Mental Health Services (SAMHSA).
The 42 CFR Part 2 regulations, first promulgated in 1975, were written at a time when there was great concern that information relating to substance use disorder could be used against an individual. The main purpose of 42 CFR Part 2 was to ensure that a person who seeks help and receives treatment for substance use disorder is not placed at any greater risk or is made more vulnerable than a person who does not seek treatment. Under the 42 CFR Part 2 regulations, before information relating to a substance use disorder treatment program can be shared, consent must be obtained from the patient in writing, except in limited circumstances.
42 CFR Part 2 was important at the time and remains so, but a lot has changed since 42 CFR Part 2 took effect. Many healthcare providers find the regulations burdensome, they can hamper care coordination, and can put a patient’s safety at risk.
42 CFR Part 2 protects the privacy of patients, but the regulations often discourage primary care providers from providing care to SUD patients or recording SUD information. In some cases, physicians are required to fill out 11 different kinds of paperwork related to 42 CFR Part 2 and the treatment of SUD records is itself stigmatizing.
Many healthcare industry stakeholders have called for 42 CFR Part 2 regulations to be updated and aligned with HIPAA, which also serves to protect the privacy of patients and ensure the confidentiality of healthcare data.
In 2019, the HHS proposed changes to 42 CFR Part 2 regulations to support care coordination while improving privacy protections for SUD patients. After seeking comment from stakeholders, some of the proposed changes have now been adopted.
The updates do not change the basic framework for the protection of SUD records created by federally funded treatment programs and restrictions are still in place to prevent the use of SUD patient records in criminal prosecution against the patient. Written consent is still required from a patient before their SUD records can be shared, except in very limited circumstances. Records can only be shared with out consent if a court order is received, in a genuine medical emergency, and for the purpose of scientific research, audits, and SUD program evaluations.
The changes align 42 CFR Part 2 more closely with HIPAA and are intended to make it easier for healthcare providers to share SUD records if consent has been obtained from a patient. The changes will help to improve patient safety, support better care coordination, improve claims management and training, and ensure quality improvement, while reducing the burden on healthcare providers.
“This reform will help make it easier for Americans to discuss substance use disorders with their doctors, seek treatment, and find the road to recovery,” said HHS Secretary Alex Azar, in a statement. “Thanks to the valuable input of stakeholders, our final rule will make it easier for Americans to seek and receive treatment while lifting burdens on providers and maintaining important privacy protections.”
Information about the changes and why they have been made are detailed in an HHS fact sheet. The key changes to 42 CFR Part 2 regulations are detailed below:
- Treatment records created by non-Part 2 providers based on their own patient encounter(s) are explicitly not covered by Part 2, unless any SUD records previously received from a Part 2 program are incorporated into such records. Segmentation or holding a part of any Part 2 patient record previously received can be used to ensure that new records created by non-Part 2 providers will not become subject to Part 2.
- When an SUD patient sends an incidental message to the personal device of an employee of a Part 2 program, the employee will be able to fulfill the Part 2 requirement for “sanitizing” the device by deleting that message.
- An SUD patient may consent to disclosure of the patient’s Part 2 treatment records to an entity (e.g., the Social Security Administration), without naming a specific person as the recipient for the disclosure.
- Disclosures for the purpose of “payment and health care operations” are permitted with written consent, in connection with an illustrative list of 18 activities that constitute payment and health care operations now specified under the regulatory provision.
- Non-OTP (opioid treatment program) and non-central registry treating providers are now eligible to query a central registry, in order to determine whether their patients are already receiving opioid treatment through a member program.
- OTPs are permitted to enroll in a state prescription drug monitoring program (PDMP), and permitted to report data into the PDMP when prescribing or dispensing medications on Schedules II to V, consistent with applicable state law.
The post HHS Adopts Changes to 42 CFR Part 2 Regulations to Improve Care Coordination appeared first on HIPAA Journal.