Skip to content Skip to navigation

Association for Behavioral Health and Wellness Calls for Changes to Substance Abuse Privacy Laws

December 23, 2015
by Heather Landi
| Reprints

Privacy protections for alcohol and drug abuse patient records need to be changed to be in harmony with the Health Information Technology for Economic and Clinical Health (HITECH) Act and to enable better coordinated care, according to a paper released this week by the Association for Behavioral Health and Wellness (ABHW).

The paper, titled Now is the Time to Strengthen Protection of Substance Use Records by Revisiting the Substance Abuse Privacy Law, calls for changes to the Confidentiality of Alcohol and Drug Abuse Patient Records, 42 Code of Federal Regulations (CFR) Part 2 (Part 2). “Part 2 is an outdated federal regulation that hinders safe, effective, high quality substance use treatment,” the ABHW states.

The Part 2 regulations were originally authorized by the Comprehensive Alcohol Abuse and Alcoholism Prevention, Treatment and Rehabilitation Act of 1970 and Drug Abuse Prevention, Treatment and Rehabilitation Act of 1972. Part 2 sets out protections against unauthorized disclosure of substance abuse records as a way to encourage people to seek treatment.

In the paper, ABHW highlights that in the 40 years since the Part 2 regulations were created there have been huge changes in the organization and financing of substance use treatment. Patient centered medical homes that integrate medical and behavioral care are widely adopted and paper records have been largely replaced by electronic health records (EHRs).

“The use and exchange of health information, especially electronic health information, is governed by a comprehensive set of federal stringent privacy and security regulations that did not exist when the substance use record protections were enacted. The part 2 regulations were appropriate for a different time,” the ABHW report authors wrote. “The Part 2 provisions that now create obstacles to safe, quality care for people who have substance use disorders were developed for an earlier time, and not required by law.”

In May 2014, the Substance Abuse and Mental Health Services Administration (SAMHSA) stated that “behavioral health is essential to overall health and the costs of untreated substance abuse disorders, both personal and societal, are enormous.

”SAMHSA expressed an interest in examining the burden associated with specific consent requirements that don’t necessarily protect privacy and may be a barrier to coordinated care.

A proposed rule revising Part 2 is currently under review by the Office of Management and Budget (OMB).

“ABHW hopes that the proposed rule will be released shortly and will bring substance use privacy protections into harmony with the Health Insurance Portability and Accountability Act (HIPAA), the Affordable Care Act (ACA), and the HITECH Act. Separation of substance use from the rest of medicine creates several problems: primary care lacks the ability to coordinate a patient’s medical and substance use treatment; substance use treatment programs lack the capability to coordinate a patient’s medical and substance use care; and, patients are put at risk of unsafe, uncoordinated and uninformed care,” Pamela Greenberg, ABHW president and CEO, said.

ABHW’s paper proposes changes that can be made to Part 2 that balance the need to facilitate communications in support of safe, high quality health care with the need to protect the privacy interests of persons who seek treatment for substance use disorders.




Nothing in 42CFR2 prohibits a person from disclosing information regarding their substance abuse treatment. The decision of what to disclose to whom is the patient's to make, period. Unless the authors want to argue that they somehow "know better" what is in the patient's interest, their entire argument falls apart. The regulations already contain provisions for disclosing information without consent under special conditions such as the declaration of a medical emergency or the commission of a crime at the treatment site.


ONC National Coordinator Gets Live Look at Carequality Data Exchange

Officials from Carequality have stated that there are now more than 150,000 clinicians across 11,000 clinics and 500 hospitals live on its network. These participants are also able to share health data records with one another, regardless of technology vendor.

American Red Cross, Teladoc to Provide Telehealth Services to Disaster Victims

The American Red Cross announced a partnership with Teladoc to deliver remote medical care to communities in the United States that are significantly affected by disasters.

Report: The Business of Cybercrime in Healthcare is Growing

While stolen financial data still has a higher market value than stolen medical records, as financial data can be monetized faster, there are indications that there is ongoing development of a market for stolen medical data, according to an Intel Security McAfee Labs report.

Phishing Attack at Baystate Health Potentially Exposes Data of 13K Patients

A phishing scam at Baystate Health in Springfield, Mass. has potentially exposed the personal data of 13,000 patients, according to a privacy statement from the patient care organization and a report from MassLive.

New Use Cases Driving Growth in Health Data Exchange through Direct

In an update, DirectTrust reported significant growth in Direct exchange of health information and the number of trusted Direct addressed enabled to share personal health information (PHI) in the third quarter of 2016.

Insurers to CBO: Consider Private Insurers’ Data in Evaluations of Telemedicine

Eleven private insurers, including Aetna, Humana and Anthem, are urging the Congressional Budget Office (CBO) to consider the experience of commercial insurers when evaluating the impact of telemedicine coverage in Medicare.