Proposed Reforms to 42 CFR Part 2 to Improve Care Coordination and Treatment
Rachel V. Rose, JD, MBA
This auditing and compliance “Tip of the Week” was originally published by the National Alliance for Medical Auditing Specialists (NAMAS), a division of DoctorsManagement.
The Substance Abuse and Mental Health Services Administration (SAMHSA) has been busy over the past couple of years. “The 42 CFR part 2 regulations serve to protect patient records created by federally funded programs for the treatment of substance use disorder (SUD).”1 In January 2017, a major update to 42 CFR Part 2 (hereinafter “Part 2”) was unveiled, marking the first such change since the law’s inception in 1975.2
Then, a subsequent final rule was issued on January 2, 2018.3 Now, SAMHSA is proposing to revise Part 2 again. While the proposed rule will not alter the fundamental privacy and confidentiality framework and will continue to prohibit law enforcement’s utilization of SUD records in criminal prosecutions against the patient, as well as restricting disclosures of patient records without patient consent and other valid reasons, there are several modifications to a multitude of sections.4
First, as a refresher, let’s review some of the key takeaways from the January 2018 Final Rule, which include the following:
- Additional disclosures of patient identifying information under the Confidentiality of Alcohol and Drug Abuse Patient Records in order to promote integrated and coordinated care.
- Reiterated that the January 18, 2017 SAMHSA Final Rule provided for greater flexibility within the healthcare system of disclosing patient identifying information while balancing the need to protect the heightened, sensitive nature of substance abuse records.
- Alignment with HIPAA and the HITECH Act is being explored.
- “In response to comments received that the abbreviated notice did not provide an adequate warning against potential misuse of patient identifying information, SAMHSA, in this final rule, has modified the language in the abbreviated notice to more explicitly notify recipients that improper use or disclosure is prohibited under 42 CFR part 2.”
- Finalized clarifications as proposed in §2.33(b) except for the list of 17 specific types of payment and healthcare operation activities that a covered entity, business associate or legal representative would be allowed to further disclose utilizing the minimum necessary standard.
- Emphasis on the public policy behind SAMSHA that, “[u]nauthorized disclosure of substance use disorder patient records can lead to a host of negative consequences, including loss of employment, loss of housing, loss of child custody, discrimination by medical professionals and insurers, arrest, prosecution, and incarceration. The purpose of the part 2 regulations is to ensure that a patient is not made more vulnerable.”5
In conclusion, there are a lot of moving parts and changes to keep up with. Be vigilant for the final rules and keep track of which items in the proposed rules remain the same in the final rule and which ones change. The fundamental item to remember is that SUD records are given heightened privacy protections when compared to regular medical records. Failing to honor these factors and, when necessary, distinguish them from the Health Insurance Portability and Accountability Act (HIPAA) requirements, can lead to adverse legal proceedings and government enforcement actions.
 See https://www.hhs.gov/about/news/2019/08/22/hhs-42-cfr-part-2-proposed-rule-fact-sheet.html (Aug. 22, 2019).
 42 CFR Part 2, https://www.law.cornell.edu/cfr/text/42/part-2 (last visited Nov. 5, 2019).
 83 Fed. Reg. 239 (Jan. 2, 2018).
Supra, n. 1.
 Rachel V. Rose, JD, MBA, SAMSHA Final Rule: What Docs Need to Know (Jan. 25, 2018), https://www.physicianspractice.com/article/samsha-final-rule-what-docs-need-know.
 Supra n. 1.This
This week’s Audit Tip Written By:
Rachel V. Rose, JD, MBA
Rachel V. Rose, JD is a Houston-based attorney
advising on federal & state compliance and areas
of liability associated with a variety of healthcare,
legal and regulatory issues.
eek’s Audit Tip Written By:
Here’s why thousands of providers trust DoctorsManagement to help improve their coding and documentation.
Quality of coders and auditors. Our US-based auditors receive ongoing training and support from our education division, NAMAS (National Alliance of Medical Auditing Specialists). All team members possess over 15 years of experience and hold both the Certified Professional Coder (CPC®) as well as the Certified Professional Medical Auditor (CPMA®) credential.
Proprietary risk-assessment technology – our auditing team uses ComplianceRiskAnalyzer(CRA)®, a sophisticated analytics solution that assesses critical risk areas. It enables our auditors to precisely select encounters that pose the greatest risk of triggering an audit so that they can be reviewed and the risk can be mitigated.
Synergy – DoctorsManagement is a full-service healthcare consultancy firm. The many departments within our firm work together to help clients rise above the complexities faced by today’s healthcare professionals. As a result, you receive quality solutions from a team of individuals who are current on every aspect of the business of medicine.