Providers still burdened by separate privacy laws for substance abuse records, AHA says

HCPRO Website, April 11, 2016

Proposed changes to laws providing separate, strict privacy protection to substance abuse records won’t go far enough to help providers offer the best care to patients, according to the American Hospital Association (AHA).

The AHA released a letter April 5 in response to proposed changes to the Confidentiality of Alcohol and Drug Abuse Patient Records 42 CFR Part 2, which currently requires providers to obtain explicit permission from patients to share substance abuse records with other providers.

Currently under 42 CFR Part 2, providers must obtain explicit permission from patients before sharing substance abuse records with other providers. This strict protection is in contrast to HIPAA, which allows providers to share records with other providers for treatment, payment, or other healthcare operations.

The proposed changes would allow patients seeking substance abuse treatment to participate in integrated healthcare models built on information sharing, coordinated care, and electronic data management and exchange. The Substance Abuse and Mental Health Services Administration (SAMSHA) said the modifications are necessary to modernize the regulations and improve patient care.

Although the proposed changes to 42 CFR Part 2 would eliminate some of the barriers preventing providers from sharing substance abuse records in the course of patient care, it still provides separate, stricter privacy protections than HIPAA. The AHA believes the proposed changes don’t go far enough and that 42 CFR Part 2 should be brought into full alignment with HIPAA. This would allow providers to share substance abuse records to coordinate care as they would any other medical records while still offering patients protection against unauthorized disclosures, the AHA said.

However, the underlying statute of 42 CFR Part 2 requires more stringent protection and supersedes HIPAA, according to SAMSHA. Federal protections built into the statute prevent the agency from launching the kind of drastic overhaul the AHA recommends. The AHA countered that argument by saying SAMSHA’s proposed changes don’t take full advantage of what they’re permitted to alter under the current statute. SAMSHA should also educate Congress on HIPAA and lobby to have the underlying statute itself changed, the AHA said.

The letter goes beyond the proposed modifications to 42 CFR Part 2 to advocate for sweeping changes that would allow HIPAA to preempt any existing federal or state laws that require certain types of health information to be handled according to different privacy regulations. Separate privacy structures such as 42 CFR Part 2 create a patchwork of privacy and security regulations that stand in the way of patient care, interoperability initiatives, and population health management, the AHA said.