Proposed federal regulations aim to improve integrated patient care for substance use disorders while preserving patient privacy.
The Health & Human Services department “is proposing to modernize the existing rules because new models are built on a foundation of information sharing to support coordination of patient care; the development of an electronic infrastructure for managing and exchanging patient data; and an increased focus on performance measurement and quality improvement within the health care system,” officials said in a statement Feb. 5.
The last substantive update to the Confidentiality of Alcohol and Drug Abuse Patient Records regulations – officially known as 42 CFR Part 2 – was in 1987, prior to either the push for integrated care or the use of electronic health records, according to HHS.
“Health care delivery has changed dramatically since the Part 2 regulations were originally promulgated and updated in the 1970s and 1980s,” Dianne J. Bourque , a Boston-based health law attorney, said in an interview. “Part 2’s stringent limitations on a provider’s ability to use and disclose patient information for purposes other than treatment creates a risk of drug and alcohol treatment patients being excluded from innovative care models like ACOs, health information exchanges, or population-based initiatives aimed at improving the quality and efficiency of care.”
Under the proposed regulations, health care providers would be allowed to share patient information except any records specifically related to substance abuse treatment; the proposal simultaneously would tighten requirements that any associated, identifying records be sanitized. Upon request, providers would be required to provide patients with a list of all entities with which their information has been shared.
When finalized, the updated regulations should be better aligned with other privacy and data security laws, including HIPAA, Ms. Bourque said.
However, “it will not be a large step and providers will still have to deal with overlapping and inconsistent requirements. For example, a HIPAA business associate is not the same thing as a Part 2 Qualified Service Organization, which creates complexity and potentially confusion for both providers and vendors,” she said. “There will be a learning curve. Providers will have to think carefully about third-party contract and consent form language.”
The proposed changes also would revise the medical emergency exception, giving providers more discretion in determining what constitutes an actual emergency.
Comments will be accepted on the proposed regulation at www.regulations.gov through April 11, 2016.
On Twitter @whitneymcknight
