- Opioid epidemic renews confidentiality concerns with Substance Use Disorder records.
- SAMHSA’s Final Rule updates and modernizes its confidentiality (Part 2) regulations.
- The Final Rule attempts to better align Part 2 with HIPAA, yet remains more narrowly focused.
- Permitted disclosures facilitate payment and healthcare operations, and audits and evaluations.
- Compliance officers need to be aware of new and future Part 2 disclosure requirements.
As the national opioid epidemic continues to spread, there is a renewed focus on safeguarding the confidentiality of medical records for patients with mental health and substance abuse issues. Nearly 30 years ago, Congress recognized the stigma associated with substance abuse patients and their reluctance to seek treatment due to fears of prosecution.1 To combat growing concerns about the potential use of substance use disorder (SUD) information against individuals, the Department of Health & Human Services (HHS) Substance Abuse and Mental Health Services Administration (SAMHSA) issued the Confidentiality of Substance Use Disorder Patient Records regulations (45 CFR Part 2 or Part 2) in 1987.2 The purpose of the regulation was to ensure that a patient receiving SUD treatment in a federally assisted program (Part 2 program) would not be more vulnerable because of the existence of their patient record than an individual who chose not to seek such treatment. In 2017, SAMHSA published the first substantive update to those regulations since 1987.
Shortly thereafter, SAMHSA built upon that rule and its associated comments and issued another final rule in 2018 to further update and modernize the Part 2 regulations.3 The final rule attempts to better align the Part 2 regulations with the advances in the US healthcare delivery system, such as the use of integrated healthcare models and the exchange of electronic health information, while also maintaining core privacy protections for individuals seeking SUD treatments.