Health Information Technology ... What It Means for You
By Sandy D. Cogan
As the Nation strives to increase access to affordable care, technology is playing a key role. Both health information technology (HIT) and its corollary, electronic health records (EHRs) are central to improving the delivery of services so that that all Americans— including those with behavioral health conditions—benefit from health care system reform. What does this mean for behavioral health service providers and consumers?
The potential benefits are enormous. Through effective use of health data, Americans will have access to a robust health care system that provides higher quality care, increased cost-efficiency, and improved access to patient-centered, affordable care.
However, many behavioral health providers, as well as consumers and their families, have real concerns about how EHR systems and real-time access to sensitive medical information can be achieved while fully protecting their confidentiality. Providers and consumers want to know how to use promising new technologies securely while simultaneously safeguarding the privacy of EHR information.
Recently passed legislation, including the Affordable Care Act (ACA) and the Health Information Technology for Economic and Clinical Health Act (HITECH), which was enacted as part of the American Recovery and Reinvestment Act (ARRA) provide support and incentives for States and communities to integrate behavioral health care with primary care through the effective use of HIT. These federal incentives are leading primary care providers to embrace EHR systems.
Most behavioral health providers were not included in the initial financial incentive programs, leading to slower adoption of these innovations. Their late start in transitioning from paper to electronic records is also due to concerns about protecting sensitive information, the expense of EHR systems, and a history of independent operation from the broader medical health care system.
Concerns about protecting the confidentiality of sensitive behavioral health information are long-standing. Language within the Code of Federal Regulation (42 CFR Part 2) has guided providers of services for substance use disorders (SUD) for more than three decades. (See Behavioral Health IT Resources.) These regulations, enacted in the 1970s, ensured that individuals with SUDs were not deterred from entering drug treatment for fear that their treatment records would be used to judge them or criminally prosecute them for drug use. 42 CFR Part 2 protects the privacy and confidentiality of treatment records residing in substance use treatment facilities. The regulations, which predate the 1996 Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule, strictly prohibit the unauthorized disclosure and use of records maintained in connection with any federally assisted alcohol or drug use treatment program. Only with a patient’s expressed consent or a court order can information be released to a third party.
In contrast, the HIPAA Privacy Rule, established primarily to reduce waste and fraud in the health insurance industry, permits use and disclosure of patient information for treatment, payment, and health care operations, as well as certain other disclosures without the individual’s prior written authorization.
Under HIPAA, a mental health exception requires patient authorization before disclosing psychotherapy notes.
HIPAA, 42 CFR Part 2, and applicable State laws that regulate the confidentiality of mental health treatment information raise questions for providers about patient confidentiality regarding disclosure of EHR information. For example, providers want to know how to handle release of information in the case of a medical emergency or when the information is needed to avoid possible harm that may result from drug-drug interactions.
In June 2010, SAMHSA responded to these questions through release of a frequently asked questions (FAQs) document, “Applying the Substance Abuse Confidentiality Regulations to Health Information Exchange."
Additional provider questions resulted in a second set of FAQs, developed in collaboration with the Legal Action Center. These FAQs about 42 CFR Part 2 were introduced at a regional stakeholder meeting in December 2011 and posted on SAMHSA’s Web site.
H. Westley Clark, M.D., J.D., M.P.H., Director of SAMHSA’s Center for Substance Abuse Treatment (CSAT), cautioned that the 42 CFR Part 2 FAQs are explanations and not legal documents. He added that they also explain how 42 CFR Part 2 could affect primary care providers who conduct screenings, hold interventions, and write prescriptions for medications appropriate for patients with substance use problems. SAMHSA is continuing to work with the behavioral HIT vendors and treatment provider communities to address these and other issues related to using HIT to share sensitive behavioral health information.
SAMHSA has initiated multiple efforts to foster development of technologies to support behavioral health care.
“Our goal is to help enhance the quality and expansion of behavioral health services,” Dr. Clark said, “so that Americans with addiction or mental health issues will be able to reap the benefits of health reform.”
A Closer Look at HIPAA and 42 CFR Part 2
The Health Insurance Portability and Accountability Act of 1996 (HIPAA), with amendments included in the Health Information Technology for Economic and Clinical Health(HITECH) Act
HIPAA Consent Requirements
Federal Confidentiality Regulation of Alcohol and Drug Abuse Records (42 CFR Part 2)
42 CFR Part 2 Consent Requirements
For more information, visit "SAMHSA Enhances Technology Efforts" and http://www.samhsa.gov/healthIT.