In response to HHS SAMHSA proposed rulemaking around 42 CFR Part 2 to ensure the privacy of substance use disorder patient records, industry groups are asking for an alignment with HIPAA.
The Partnership to Amend 42 CFR Part 2, chaired by the the Association for Behavioral Health and Wellness, is calling on the Substance Abuse and Mental Health Services to align the rule with HIPAA to ensure proper patient data access and protect patient privacy.
The Partnership is made up of 50 different healthcare stakeholders, including American Health Information Management Association, CHIME, The Joint Commission, Healthcare Leadership Council, and a host of others.
The comments come in response to SAMHSA’s notice of proposed rulemaking (NPRM) around the confidentiality of substance use disorder patient records. The Department of Health and Human Services SAMHSA released its proposed rule in August in a continuing effort to fuel care coordination across the sector.
Want to publish your own articles on DistilINFO Publications?
Send us an email, we will get in touch with you.
The Partnership made a similar request to Congress to align 42 CFR Part 2 with HIPAA in 2018, as the move would require Congressional action. But Congress failed to include the language in September 2018 opioid legislation.
While the group primarily supports the proposal, the Partnership is asking SAMHSA to clarify certain elements to ensure safe, effective, coordinated care.
“The NPRM is a step in the right direction to lifting some of the constraints to integrated care imposed by the current Part 2 rule,” Pamela Greenberg, ABHW CEO and president, said in a statement.
“However, we strongly encourage SAMHSA to use its full legal authority and further align Part 2 with HIPAA to allow for the transmission of SUD records for the purpose of treatment, payment, and health care operations while maintaining patient protections,” she added. “Only then will we be able to provide the same integrated care for individuals with a SUD as we do for individuals with a mental or physical illness.”
The proposed rule does not align Part 2 with HIPAA for the purposes of treatment, payment, and healthcare operations. The groups explained that access to patients’ entire medical records, including addiction history, would ensure healthcare professionals have all the necessary information to provide safe, effective, high quality treatment, as well as strong care coordination.
Without complete access, a patient could be a risk to contraindicated prescription medicines and problems related to medication adherence, the Partnership noted. Further, the act of attempting to obtain multiple consents from the patient under current Part 2 requirements is challenging and “obstructs whole-person, integrated approaches to care.”
“Aligning Part 2 with HIPAA for the purposes of treatment, payment, and healthcare operations will promote safe, effective, coordinated care for persons with substance use disorders,” Partnership officials wrote. “SAMHSA has the authority to align Part 2 with HIPAA for the purposes of TPO because the Confidentiality Statute allows the Secretary of HHS to revise the Part 2 regulations.”
The Partnership also supports an alignment of the rule with HIPAA, as it would broaden the research exception to individuals or entities not covered by HIPAA or the common rule and “allow researchers to conduct more scientific and public health research on SUD care and SUD populations, and bring more understanding to this area.”
The groups also urged SAMHSA to align QSO agreements with HIPAA-mandated business associate agreements.
“Business associates under HIPAA can receive protected health information from covered entities and can also disclose PHI to other business associates as long as BAAs are in place,” the Partnership wrote. “The standards surrounding BAAs are robust and well-established, and SAMHSA could revise QSOAs so QSOs could also have the same ability to share information as HIPAA business associates.”
“QSOs could then have the ability to provide and receive information about care management and care coordination services, with the same protections that HIPAA business associates have, allowing for more integrated care,” they added.
As an alternative, SAMHSA could allow the QSO agreements to become a multi-party agreement, able to be shared with multiple providers. The groups argued the move would establish a baseline of collective responsibilities to ensure patient privacy when information is disclosed, while fueling care coordination.
The Partnership also suggested the use of an “opt out” consent process, which would let patients determine where their data could be used or disclosed, much like with HIPAA. The consent process should have a default position to establish where the data is used and shared. But the patient could opt out at any time.
Opt out policies have remained a recurring theme in several proposed Congressional privacy legislation packages, driven by an effort to give consumers more control over their data to improve privacy. HHS SAMHSA will accept comments on the rule until the end of the month.