Individuals with substance use disorders (SUDs) have largely been unable to participate in healthcare models involving health information exchange because of federal regulations around consent. In February the Substance Abuse and Mental Health Services Administration (SAMHSA) published a proposal to update these rules. But on April 6, the American Medical Informatics Association called the proposed revisions “well-intentioned, but ultimately insufficient.”
The regulations, known as 42 CFR Part 2 related to the confidentiality of alcohol and drug abuse patient records were first written in 1975 out of concern that the information could be used against individuals, causing them to avoid seeking needed treatment. But the way the regulation was written, it required the patient to consent every time their data was shared or accessed, which HIEs and healthcare organizations have found very difficult to implement. Many HIEs have just avoided the issue during their startup phases.
In comments submitted to federal officials, AMIA said: “Logistical barriers and widespread confusion about the regulatory requirements often paralyze organizations from exchanging data or coordinating care with facilities regulated by 42 CFR Part 2.”
In updating the 42 CFR Part 2 rules, SAMHSA is seeking to address the need to:
• Increase opportunities for individuals with substance use disorders to participate in new and emerging health and healthcare models and health IT;
• Facilitate the sharing of information within the health care system to support new models of integrated healthcare;
• Improve patient safety while maintaining or strengthening privacy protections for individuals seeking treatment for substance use disorders; and
• Decrease burdens associated with several aspects of the rule, including consent requirements.
SAMHSA proposes to allow SUD patients to use a general designation in the “To Whom” section of the consent form, so that consent is not required each time it is requested by a clinician, a hospital, HIE or an accountable care organization.
AMIA said the long-anticipated proposed rule takes one step forward – allowing a consent to specify a class of treating providers, but also takes two steps back: (1) potentially making it more difficult to disclose Part 2 information to an organization without a treatment relationship; and (2) providing patients with the right to an accounting of disclosures that HIPAA has shown to be of dubious value in comparison to its burden.
AMIA called on HHS to put a renewed emphasis on technical solutions that would give patients granular control over their entire medical record, not just SUD information. “Only by addressing the full challenge of keeping sensitive information confidential, and by giving patients complete access and granular control of all their health data, can SAMHSA fulfill its statutory obligations and realize their stated goals,” AMIA said.
“The difficulty of managing SUD data differently than every other piece of health information is, in itself, a dated concept and a flawed approach,” said AMIA Board Chair and Medical Director of IT Services at the University of Washington’s UW Medicine, Thomas H. Payne, M.D., in a prepared statement. “Patients have varying degrees of concern for how mental health, reproductive health and other sensitive data is shared. We need a holistic approach that reflects patients’ wishes and gives patients complete control of their entire medical record.”
