By Diane M. Racicot and Tina Safi Felahi

The misuse of drugs, including opioids, is currently one of the most serious public health problems in the United States. While health officials grapple with ways to address the drug epidemic (e.g. expansion of access to naloxone, tougher laws regulating opioid prescriptions), the treatment gap remains large.

That said, over the past several years, the U.S. Department of Health and Human Services (HHS) has worked to expand the availability of treatment, and has also established medication assisted treatment (MAT) as the standard of care for treatment of opioid use disorder.* As the country continues to fight the opioid crisis, entities providing prevention, treatment, and recovery services will want to ensure they understand heightened privacy obligations and implement processes to address the complex requirements imposed by the regulations governing the confidentiality of substance use disorder (SUD) information.

The regulations implementing the law – 42 Code of Federal Regulations (CFR) Part 2 – are commonly referred to as “Part 2.” Part 2 generally prohibits treatment programs from disclosing patient identifying information (PII), meaning any information by which the identity of a patient can be determined with reasonable accuracy (e.g., a name, address, photograph), without patient consent. The Part 2 regulations were most recently updated in 2017 and 2018, when the Substance Abuse and Mental Health Services Administration (SAMHSA) issued Final Rules amending Part 2.

While significant changes have occurred within the U.S. health care system since Part 2 was first implemented, SAMHSA indicated in its 2018 Final Rule that persons with SUDs may still encounter discrimination if their information is improperly disclosed. Negative consequences can include anything from loss of child custody and employment to incarceration. Thus, confidentiality remains a top concern for those receiving treatment.

As a preliminary step, it is important for SUD treatment programs to determine whether they are covered by Part 2, which only applies to those entities or individuals which are both “federally assisted” and meet the definition of “program” under Part 2. An individual physician may also meet the definition of a Part 2 program in certain circumstances. Once the entity or individual determines that Part 2 applies, it must then ensure that it is complying with Part 2 requirements.

Part 2 carries significant criminal and civil penalties for violations, and it often takes months for entities (particularly those which include Part 2 programs as a part of a larger, multi-use facility) to implement changes to comply with Part 2. For this reason, once it is determined that an entity qualifies as a Part 2 Program, it is important to expeditiously develop policies, procedures, and documents for use in the program.

For treatment programs which have been aware that they are required to comply with Part 2, the 2017 and 2018 amendments to Part 2 did not greatly affect existing practices for protecting patient confidentiality. The amendments were significant, however, from a compliance perspective. They drew attention to Part 2 (which had last been updated in 1987) both by treatment programs which might not have previously understood they were covered by Part 2, and also by payers and auditors, which are requiring compliance with Part 2.

Notably, Part 2 is often confused with the requirements imposed by the Health Insurance Portability and Accountability Act (HIPAA). In light of the stigma associated with SUDs and the vulnerability of Part 2 patients, however, Part 2 imposes separate, stricter requirements than HIPAA. This is confusing for health care clients, who may incorrectly conclude they are compliant with Part 2 simply because they are compliant with HIPAA.

The full Part 2 regulations can be found here. We can provide guidance addressing providers’ questions regarding applicability of Part 2 and if appropriate, implementation of Part 2 confidentiality requirements.

* Community health centers funded by the Health Resources and Services Administration (HRSA) saw a 64 percent increase in patients receiving MAT between 2016 and 2017. In 2018, HHS awarded more than $2 billion in grants to support state, local, and tribal governments, health centers, and other entities in providing prevention, treatment, and recovery services. Learn more here.