A common misperception exists that sharing mental health and substance use information with primary care providers is prohibited. However, the Organized Health Care Delivery System section of the HIPAA Reference states that behavioral health and primary care organizations can share information for the purposes of care coordination. The following resources and examples help providers fully understand confidentiality issues and overcome perceived obstacles.
A Business Associate is an entity or person who performs a function involving the use or disclosure of Protected Health Information (PHI) on behalf of a covered entity (such as claims processing, data analysis, case management, utilization review, quality assurance, etc.) or provides certain specified services where the provision of the service involves the disclosure of PHI for a covered entity. See the business associate identification flowchart and a sample agreement checklist.
The HHS Office for Civil Rights has put together a package of new and existing resources to help consumers and providers better understand the HIPAA privacy and security rules. All of the resources can be found in the Health Information Privacy section of the HHS Office for Civil Rights website.
The Legal Action Center and JBS International presented a webinar on February 28, 2013 entitled Patient Privacy and Confidentiality in the Changing Health Environment: HIPAA, 42CFR Part 2 and Health Care Reform. (recording)
The Legal Action Center in conjunction with SAMHSA’s Center for Substance Abuse Treatment (CSAT) conducted a four-part webinar on Alcohol and Drug Confidentiality Regulations. In 2010 and 2011, SAMHSA released 2 sets of FAQs addressing how alcohol/drug treatment records can be incorporated into HIT environment without violating federal alcohol/drug confidentiality regulations. Even after their release, questions about how to integrate alcohol/drug treatment records into HIT systems remain, and these webinars aim to advance understanding of how to do this.
Navigating confidentiality challenges when integrating mental health, substance abuse, and primary care, an eSolutions article written by CIHS Executive Director Kathy Reynolds, discusses navigating confidentiality substance abuse confidentiality within integrated health settings, including issues related to HIPAA and 42 CFR Part II.
Please Don’t Call My Mom: Pediatric Consent and Confidentiality (Clinical Pediatrics, April 2009) overviews federal and state law regarding pediatric consent and confidentiality and provides ethical considerations for the responsible management of physician discretion in these clinical situations. The National Center for Children in Poverty’s Adolescent Mental Health in the United States fact sheet also explores issues of confidentiality for teens. Confidentiality is vital among this population when one considers a JAMA-published study showing that assurances of confidentiality increases adolescents’ willing to disclose sensitive information from 39% to 46.5%.
The Office of Human Development Services outlined four levels of HIPAA compliance and the tools necessary to protect an organization.
The Confidentiality of Alcohol and Drug Abuse Patient Records Regulations and the HIPAA Privacy Rule: Implications for Alcohol and Substance Abuse Programs provides information for behavioral health providers seeking guidance on patient confidentiality issues.
Washtenaw Community Health Organization developed a sample HIPAA Business Associates Agreement. The organization also developed a sample Integrated Behavioral Health and Primary Care Confidentiality Policy (this policy addresses HIPAA, 42CFR, and Michigan-specific privacy policies; individuals must edit to address individual state guidelines.
Washington State passed legislation to amend state privacy laws in support of primary and behavioral health collaboration that can serve as a model for other states.
A diagram within the National Council’s Raising the Bar: Moving Toward the Integration of Healthcare provides a succinct look at how the three sets of rules and regulations integrate with other items such as business associate agreements, individual and group release of information forms, privacy statements, individual consents for treatment, and professional ethics.
Next to understanding HIPAA and 42 CFR Part II, state-defined confidentiality rules and regulations are the third key element in creating a bidirectional integrated health delivery system. Michigan’s integrated mental health, substance abuse, and primary care services confidentiality policy provides a useful sample for other states’ review.
The Legal Action Center developed a series of tools to help organizations navigate the 42CFR Part 2 rules for confidentiality around drug and alcohol use. Use the decision tree to determine if your SBIRT services are subject to Part 2 rules, and learn more about the regulations and what they mean for SBIRT providers with their fact sheet.
A 42 CFR Part II presentation by H. Westley Clark, Director, Center for Substance Abuse Treatment, discusses health information sharing and confidentiality regulations.
SAMHSA released new FAQs on 42 CFR Part 2, addressing the confidentiality of alcohol and substance use patient records. With the contemporary emphasis on electronic health records (EHRs) and health information, SAMHSA updated “frequently asked questions,” or FAQs, will better help providers navigate confidentiality issues in integrated settings and systems. Access the federal confidentiality law and regulations (codified as 42 USC § 290dd-2 and 42 CFR Part 2).
Webinar presentation by Partners for Recovery and Legal Action Center on How to apply the Federal alcohol/drug confidentiality regulations – 42 C.F.R. Part 2 – to Health Information Technology (HIT)