While HIPAA regulations allow health professionals to share health information regarding opioid abuse with a patient’s loved ones in emergency and dangerous situations, many HIM departments are still struggling with the release of information laws of such information at the state level and those requests by insurance companies, payors, and other healthcare providers.
As we know, the Department of Health and Human Services (HHS) has issued several updates to the patient privacy regulation known as 42 CFR Part 2, which limits the sharing of substance abuse data while also relaxing them to share such data with personal representatives to aid in the combat of this epidemic.
The struggle for Health Information Management professionals in their organization is educating providers and medical professionals to understand how 42 CFR Part 2 differs from HIPAA and state law. Responding to the request for information requires staff to have a strong knowledge on the confidentiality laws so they can differentiate between those requestors who want more data sharing to improve care coordination and disclosing too much health information which could lead to potentially devastating consequences of releasing sensitive substance abuse information.
The Substance Abuse and Mental Health Services Administration (SAMHSA) repeatedly addressed calls for HHS to align Part 2 with HIPAA regulations so that patient information pertaining to substance abuse can be easily shared among providers. Although SAMHSA said that it has tried to align the updates to HIPAA “to the extent feasible,” the agency noted that the Part 2 regulation is “separate and distinct” from other patient privacy laws and provides more stringent protections in order to prevent individuals from discrimination.
“SAMHSA is seeking a balance between protecting the confidentiality of substance use disorder patient records and ensuring that the regulations do not pose a barrier to patients with substance use disorders who wish to participate in, and could benefit from, emerging healthcare models that promote integrated care and patient safety,” the notice stated. “Unauthorized disclosure of substance use disorder patient records can lead to a host of negative consequences, including loss of employment, loss of housing, loss of child custody, discrimination by medical professionals and insurers, arrest, prosecution, and incarceration.”
Providing privacy and security training for our employees at Ciox is paramount. We stay at the forefront of state and federal laws and provide education in multiple forms so our staff can protect the privacy of such highly confidential records while still sharing health information to assist in the care of treatment of individuals battling substance abuse.