On February 9, 2016, the federal government waded back into the regulatory waters of the privacy of substance use disorder records by issuing proposed regulations. The last substantive update to regulations relative to confidentiality of substance use records was in 1987. It would be a gross understatement to say that the methods for treating “substance use disorder”, as well as the health information exchange technology available for record keeping, have changed dramatically. However, the concerns behind the heightened privacy of these records remain the same. The Substance Abuse and Mental Health Services Administration of the U.S. Department of Health and Human Services (SAMHSA), as well as state and local health departments, want to ensure that patients with substance abuse problems have the ability to benefit from new health care models without fear of putting themselves at risk that the records relating to treatment could result in loss of a job, loss of housing, loss of child custody, discrimination by health care providers and insurers, or worse – arrest, prosecution or incarceration.
That said, one of the keys to unlocking the benefits of the new integrated health care models is the appropriate exchange of patient data by and among those in the health care delivery system treating a patient. The trick is balancing the need for informed consent from a patient. In contrast to the “let the data flow” proponents, there is the need to retain the necessary assurance of privacy and security associated with substance use disorder records, so that an individual is not deterred from seeking help.
While health information exchanges (“HIEs”) have grown from regional to statewide networks (the Statewide Health Information Network for New York, or SHIN-NY, is up and running in New York), there is a need to maintain the confidentiality that exists in the paper world for what is referred to as “Part 2” data.
The proposed regulations issued on February 9, 2016 move toward more general patient consent options being offered to patients. The updates include the proposal to revise the definition of “Records” to include “any information, whether recorded or not, received or acquired by a Part 2 program relating to a patient. For purposes of these regulations, records include both paper and electronic records.” Moreover, the proposals would expand the “To Whom” section of the consent form to include HIEs in the definition or “Organizations” to whom consent may be given by a patient. In turn, this section of the consent form will also advise the patient of his/her right to obtain a list of entities to which their information has been disclosed.
Current technology limitations and administrative burdens on the health information exchanges making up the SHIN-NY are a work in progress. It will be interesting to see how the regulations get adjusted based on comments from the equally passionate group of privacy advocates versus those who espouse the maximum availability to access by those involved in treatment. One thing all can agree on is that public confidence in the exchange of data, whether “ordinary” protected health information or “super” confidential Part 2 data, is a must.