January 27, 2020

January 27, 2020

Subscribe to Latest Legal News and Analysis

Another Chance for HIPAA and Part 2 Harmony?

There are reports that HHS plans to issue a proposed rule next month, which would again amend 42 CFR Part 2 (“Part 2”) and modify how the medical records of patients with substance abuse disorders are currently shared between providers. Part 2 amendments, especially amendments to align Part 2 with the Health Insurance Portability and Accountability Act (“HIPAA”), would be welcome news to the many stakeholders in the industry who have repeatedly voiced their concerns regarding the regulatory hurdles that surround the disclosure of drug and alcohol treatment records.

Part 2 governs how federally-assisted programs use and disclose records related to substance use disorders. These regulations apply to most individuals and entities that hold themselves out as providing substance use disorder diagnosis, treatment, or referral for treatment, who also participate in Medicare or Medicaid, have a DEA registration to dispense controlled substances, are supported by funds provided by a U.S. department or agency (which includes Medicare), or are tax exempt or claim tax deductions in connection with the program.

Part 2 and HIPAA diverge in material respects, especially with regard to when medical records may be shared without a patient’s consent. Under HIPAA, a covered entity may generally use or disclose protected health information for treatment, payment, or health care operation purposes without a patient’s consent. With limited exceptions, Part 2 requires a program to attain a patient’s explicit written consent for such purposes in connection to the disclosure of records related to substance use disorders, including the disclosure to a treating provider. Moreover, Part 2 requires that the consent identify the individuals or entities who will receive the information, as well as specify the kind and amount of information that can be disclosed to each of the recipients named in the consent.  Part 2 as amended in 2017 does permit a consent to include a general designation, such as “all treatment providers.” However, a Part 2 program must be prepared to provide a list of entities to whom the patient’s information has been disclosed. 

Given the interconnectedness of today’s healthcare environment, where data and information are shared electronically through health information exchanges in order to coordinate care and treatment, such restrictions can cause a logistical nightmare for providers. Moreover, some stakeholders have argued that the barriers imposed by Part 2 leave providers with only a partial view of a patient’s medical record, creating dangerous blind spots where opioids are prescribed because a provider is unaware of a patient’s past dependence or abuse.

It remains unclear what the proposed rule will entail, whether it will achieve the goal of HIPAA and Part 2 harmonization, and how it might simplify the process of sharing Part 2 patient records for treatment. We will continue to monitor the situation and report back.

©1994-2020 Mintz, Levin, Cohn, Ferris, Glovsky and Popeo, P.C. All Rights Reserved.


About this Author

Dianne Borque, Health Care, licensure, risk management, attorney, Mintz
Of Counsel

Dianne advises a variety of health care clients on a broad range of issues, including licensure, regulatory, contractual, and risk management matters, and patient care. As former in-house counsel to an academic medical center, a large part of her practice involves counseling researchers and research sponsors in matters related to FDA and OHRP regulated clinical research, including patient consent, access to and use of tissue and associated patient information, and the Institutional Review Board process. In addition, Dianne currently serves as a Vice Chair of AHLA's...

(617) 348-1614

Matt advises health care clients on regulatory and transactional matters, including fraud and abuse, HIPAA privacy and security, and general contracting.

Prior to joining Mintz, Matt worked as in-house counsel at an independent hospital and outpatient facility, where he provided guidance on a range of fraud and abuse issues, including compliance with the Stark Law, the Anti-Kickback Statute, and the False Claims Act. He also counseled on HIPAA privacy and security as well as other regulatory matters. Matt handled the structuring and negotiation of physician and referral source arrangements, negotiated vendor contracts, and assisted in the formation of a Medicare Shared Savings Program Accountable Care Organization. In addition, Matt conducted due diligence and drafted, negotiated, and finalized complex transactions for the facility. He also regularly provided guidance on corporate governance issues and prepared regulatory and corporate filings.

Matt received the Health Law Certificate at the University of Maryland ‘s Francis King Carey School of Law and was a law clerk in the Office of the General Counsel at the Johns Hopkins Health System and at the Maryland Department of Health and Mental Hygiene.