The Substance Abuse and Mental Health Services Administration (SAMHSA), part of the U.S. Department of Health and Human Services (HHS), has finalized proposed changes to the Confidentiality of Substance Use Disorder Patient Records regulation, 42 CFR Part 2, aimed at supporting payment and healthcare operations activities while protecting the confidentiality of patients.
The finalized rule, posted to the Federal Register on Tuesday, where it is available for review, builds on changes to 42 CFR Part 2 made last year. In a final rule published last January, SAMHSA updated 42 CFR Part 2 rules by allowing patients to provide a general disclosure for substance abuse information, rather than limiting authorization to a specific provider.
The Confidentiality of Substance Use Disorder Patient Records, 42 Code of Federal Regulations Part 2 (Part 2) protects the confidentiality of records relating to the identity, diagnosis, prognosis, or treatment of any patient records that are maintained in connection with the performance of any federally assisted program or activity relating to substance use disorder education, prevention, training, treatment, rehabilitation, or research. Under Part 2, a federally assisted substance use disorder program may only release patient identifying information with the individual’s written consent, pursuant to a court order, or under a few limited exceptions.
The 42 CFR Part 2 regulations restricting how data of patients with substance use disorders (SUDs) is shared were written in 1975 out of concern that the information could be used against individuals, causing them to avoid seeking needed treatment. But the way the regulation was written, it required the patient to consent every time their data was shared or accessed, which health information exchanges (HIEs) and healthcare organizations have found very difficult to implement.
The final rule published Tuesday will permit healthcare providers, with patients’ consent, to more easily conduct such activities as quality improvement, claims management, patient safety, training, and program integrity efforts, according to Elinore F. McCance-Katz, M.D., the nation’s first Assistant Secretary for Mental Health and Substance Use. “This final rule underscores our commitment to ensuring persons with substance use disorders receive integrated and coordinated care,” she said in a statement.
Dr. McCance-Katz said that modernizing Part 2 is one way that SAMHSA strengthens the nation’s efforts to reduce opioid misuse and abuse and to support patients and their families confronting substance use disorders. The rule also reflects an effort to better align Part 2 requirements with those of the Health Insurance Portability and Accountability Act (HIPAA), HHS officials said.
Major provisions in this latest rule include:
- The final rule permits additional disclosures of patient identifying information, with patient consent, to facilitate payment and healthcare operations such as claims management, quality assessment, and patient safety activities.
- The final rule permits additional disclosures of patient identifying information to certain contractors, subcontractors, and legal representatives for the purpose of conducting a Medicare, Medicaid, or CHIP audit or evaluation.
- The final rule will assist users of electronic health records (EHRs) by permitting use of an abbreviated notice of prohibition on re-disclosure more easily accommodated in EHR text fields.
The rule SAMHSA issued a year ago updating 42 CFR Part 2 was the first major, substantive revisions to Part 2 in nearly 30 years, but many in the provider community criticized the approach taken and called for closer alignment with HIPAA. In that rule, SAMHSA aimed to facilitate the sharing of information within the healthcare system to support new models of integrated healthcare. But some associations attested at the time that the rule makes sharing clinical information for treatment purposes more difficult.
As reported by Healthcare Informatics’ Contributing Editor David Raths last January, the Partnership to Amend 42 CFR Part 2, a coalition of nearly 30 healthcare organizations committed to aligning Part 2 with HIPAA, put out a statement saying that the final rule takes helpful steps to modernize Part 2, but it does not go far enough.
“The new final rule makes important updates, but more work needs to be done. We look forward to working with our partners and Congress this year to improve the confidentiality law so that it continues to offer important patient protections without impeding good care,” said Jeffrey Goldsmith, M.D., president of the American Society of Addiction Medicine, in a prepared statement.
Some health privacy lawyers and leaders in the behavioral healthcare communities have noted that the only way to align Part 2 rules with HIPAA is through legislation. And, there have been recent efforts in Congress to accomplish that. U.S. Senators Joe Manchin (D-WV) and Shelley Moore Capito (R-WV) introduced the Protecting Jessie Grubb’s Legacy Act (Legacy Act) this week, legislation that aims to bring the regulations governing substance use treatment disorder records in better alignment with the privacy rules and protections for other medical records.