Medical Records Privacy and Confidentiality

SAMHSA supports standards that protect personal health information and advances standards on behavioral health records privacy, consent, and sharing.

SAMHSA continues to advance standards on privacy, consent, and the exchange of behavioral health records. Learn how SAMHSA is implementing the following laws that protect your health information and how it is shared:

Health Insurance and Portability and Accountability Act of 1996 (HIPAA)

HIPAA Standards for Privacy of Individually Identifiable Health Information – 2002 (PDF | 3.8 MB) empowers consumers with privacy rights and protections regarding their health information, including control over how health information is used and disclosed by health plans and providers. SAMHSA offers guidance on complying with the HIPAA Privacy Rule in the document The Confidentiality of Alcohol and Drug Abuse Patient Records Regulation and the HIPAA Privacy Rule: Implications for Alcohol and Substance Abuse Programs – 2004 (PDF | 380 KB), which explains what programs must comply with the HIPAA Privacy Rule and outlines requirements for compliance.

Alcohol and Drug Abuse Patient Records Privacy Law

The Confidentiality of Alcohol and Drug Abuse Patient Records (CFR Title 42: Part 2) regulation specifies restrictions concerning the disclosure and use of patient records that include information on substance use diagnoses or services. SAMHSA published Applying the Substance Abuse Confidentiality Regulations to instruct practitioners in complying with the federal law. With an emphasis on electronic health records and health information, SAMHSA also published Applying the Substance Abuse Confidentiality Regulations to Health Information Exchange – 2010 (PDF | 260 KB).

Last Updated: 03/14/2016