SAMHSA Issues Final Rule Updating Substance Abuse Confidentiality Regulations | Healthcare Informatics Magazine | Health IT | Information Technology Skip to content Skip to navigation

SAMHSA Issues Final Rule Updating Substance Abuse Confidentiality Regulations

January 3, 2018
by Heather Landi
| Reprints

The Substance Abuse and Mental Health Services Administration (SAMHSA), part of the U.S. Department of Health and Human Services (HHS), has finalized proposed changes to the Confidentiality of Substance Use Disorder Patient Records regulation, 42 CFR Part 2, aimed at supporting payment and healthcare operations activities while protecting the confidentiality of patients.

The finalized rule, posted to the Federal Register on Tuesday, where it is available for review, builds on changes to 42 CFR Part 2 made last year. In a final rule published last January, SAMHSA updated 42 CFR Part 2 rules by allowing patients to provide a general disclosure for substance abuse information, rather than limiting authorization to a specific provider.

The Confidentiality of Substance Use Disorder Patient Records, 42 Code of Federal Regulations Part 2 (Part 2) protects the confidentiality of records relating to the identity, diagnosis, prognosis, or treatment of any patient records that are maintained in connection with the performance of any federally assisted program or activity relating to substance use disorder education, prevention, training, treatment, rehabilitation, or research. Under Part 2, a federally assisted substance use disorder program may only release patient identifying information with the individual’s written consent, pursuant to a court order, or under a few limited exceptions.

The 42 CFR Part 2 regulations restricting how data of patients with substance use disorders (SUDs) is shared were written in 1975 out of concern that the information could be used against individuals, causing them to avoid seeking needed treatment.  But the way the regulation was written, it required the patient to consent every time their data was shared or accessed, which health information exchanges (HIEs) and healthcare organizations have found very difficult to implement.

The final rule published Tuesday will permit healthcare providers, with patients’ consent, to more easily conduct such activities as quality improvement, claims management, patient safety, training, and program integrity efforts, according to Elinore F. McCance-Katz, M.D., the nation’s first Assistant Secretary for Mental Health and Substance Use. “This final rule underscores our commitment to ensuring persons with substance use disorders receive integrated and coordinated care,” she said in a statement.

Dr. McCance-Katz said that modernizing Part 2 is one way that SAMHSA strengthens the nation’s efforts to reduce opioid misuse and abuse and to support patients and their families confronting substance use disorders. The rule also reflects an effort to better align Part 2 requirements with those of the Health Insurance Portability and Accountability Act (HIPAA), HHS officials said.

Major provisions in this latest rule include:

  • The final rule permits additional disclosures of patient identifying information, with patient consent, to facilitate payment and healthcare operations such as claims management, quality assessment, and patient safety activities.
  • The final rule permits additional disclosures of patient identifying information to certain contractors, subcontractors, and legal representatives for the purpose of conducting a Medicare, Medicaid, or CHIP audit or evaluation.
  • The final rule will assist users of electronic health records (EHRs) by permitting use of an abbreviated notice of prohibition on re-disclosure more easily accommodated in EHR text fields.

 

The rule SAMHSA issued a year ago updating 42 CFR Part 2 was the first major, substantive revisions to Part 2 in nearly 30 years, but many in the provider community criticized the approach taken and called for closer alignment with HIPAA.  In that rule, SAMHSA aimed to facilitate the sharing of information within the healthcare system to support new models of integrated healthcare. But some associations attested at the time that the rule makes sharing clinical information for treatment purposes more difficult.

As reported by Healthcare Informatics’ Contributing Editor David Raths last January, the Partnership to Amend 42 CFR Part 2, a coalition of nearly 30 healthcare organizations committed to aligning Part 2 with HIPAA, put out a statement saying that the final rule takes helpful steps to modernize Part 2, but it does not go far enough.

“The new final rule makes important updates, but more work needs to be done. We look forward to working with our partners and Congress this year to improve the confidentiality law so that it continues to offer important patient protections without impeding good care,” said Jeffrey Goldsmith, M.D., president of the American Society of Addiction Medicine, in a prepared statement.

Some health privacy lawyers and leaders in the behavioral healthcare communities have noted that the only way to align Part 2 rules with HIPAA is through legislation. And, there have been recent efforts in Congress to accomplish that. U.S. Senators Joe Manchin (D-WV) and Shelley Moore Capito (R-WV) introduced the Protecting Jessie Grubb’s Legacy Act (Legacy Act) this week, legislation that aims to bring the regulations governing substance use treatment disorder records in better alignment with the privacy rules and protections for other medical records.

 

Get the latest information on Health IT and attend other valuable sessions at this two-day Summit providing healthcare leaders with educational content, insightful debate and dialogue on the future of healthcare and technology.

Learn More

Topics

News

Intermountain Healthcare Launches Study to Unlock Genomic Data

Researchers from the Salt Lake City, Utah-based Intermountain Healthcare have announced a long-term prospective study that they think has the potential to help physicians and others unlock genomic data.

UNC Health Care Receives HIMSS Analytics Stage 7 Designation

UNC Health Care, an integrated health care system based in Chapel Hill, N.C., has achieved Stage 7 designation on the HIMSS Analytics’ Electronic Medical Record Adoption Model (EMRAM).

FDA Announces Plan to Advance Medical Device Safety and Cybersecurity

The Food and Drug Administration (FDA) has announced new proposals aimed at advancing medical device cybersecurity, including placing new responsibilities on manufacturers, both before and after their devices hit the market.

Black Book: 9 in 10 Small Practices Not Optimizing Advanced EHR Functionalities

Eighty-eight percent of small practices of six or less practitioners still aren't optimizing advanced EHR (electronic health record) tools such as patient engagement, secure messaging, decision support and electronic data sharing, according to the latest Black Book survey

Penn., N.J. Health Systems Form Clinical Research Consortium

Six health systems in New Jersey and Pennsylvania have announced the founding of a nonprofit clinical research consortium – Partners in Innovation, Education, and Research (PIER Consortium) to streamline clinical trials.

Report: Global Digital Health VC Funding Hits Record $2.5B in Q1 2018

Venture capital funding into digital health companies in the first quarter of 2018 surged to a record $2.5 billion raised in 187 deals from $1.7 billion in 192 deals in the fourth quarter of 2017, according to a report from Mercom Capital Group