HIPAA sets the standards for how to manage uses and disclosures of Protected Health Information (PHI) for most areas of healthcare. However, its rule on the information pertaining to the treatment of substance use disorders is different. Regulations for this information are contained in the Substance Abuse and Mental Health Services Administration (SAMHSA) under 42 CFR Part 2.
This regulation has strict controls on the release and re-release of patient information. HIPAA controls only the release aspect of health information. Once the information gets released, it can be used according to the regulations and obligations of the receiving party. Part 2 places obligations on the recipients to provide further protection under Part 2 rules.
From the time of its inception, 42 CFR Part 2 has framed rules that have required each and every release of information to be accompanied by a consent. But lately, new rules allow release to what it describes as “others involved in my care”. This could include re-release of information without a new consent.
The aim of introducing this new option is simple: HIPAA wants the release and re-release of information to be uncomplicated. Yet, its implementation can be quite an effort. HIPAA mandates that the source releasing the information should make it possible to report to the individual a list of parties to whom the information has been released. In principle, the accounting aspect for these disclosures is similar to the HIPAA accounting of disclosures, but goes deeper: it applies to treatment disclosures all the way down the chain of releases.
The aim of a webinar being organized by MentorHealth, a leading provider of professional training for the areas of healthcare, on May 17, will help its participants understand the ways by which HIPAA, Consents, and 42 CFR Part 2 can make tracking the release of information under conflicting rules easier.
The speaker of this webinar session is Jim Sheldon-Dean, the founder and director of compliance services at Lewis Creek Systems, LLC. To enroll for this rich learning experience, please register for this webinar by visiting MentorHealth
—————————————————————————————————————
Jim will clarify on the core point of difference between HIPAA and SAMHSA when it comes to disclosures and other important elements. HIPAA allows a number of disclosures, for treatment, payment, and healthcare operations purposes, without requiring consent from the individual being treated, whereas SAMHSA requires consent for every disclosure or re-disclosure. Further, if the proper consents are not obtained, SAMHSA rules hold the provider to be in violation of the rules and subject it to penalties.
All the aspects of this important regulation are covered at this webinar:
- What HIPAA allows, what SAMHSA requires, and the differences will be explained
- We will examine how to determine if the services you provide place you under 42 CFR Part 2
- We will explore the means for making sure substance abuse treatment information receives the appropriate protections
- The Consent and Release Requirements under HIPAA will be explained
- The consent and Release Requirements under 42 CFR Part 2 will be explained
- Re-release of Information released under 42 CFR Part 2 will be discussed
- Sharing of information with family and friends in an overdose incident will be explored
- Requirements for Providing an accounting of disclosures of Part 2 information will be explained
- Challenges in managing mixed records with some Part 2 and some non-Part 2 data will be discussed.
—————————————————————————————————————-
About the speaker: Jim Sheldon founded his Vermont-based firm in 1982. It has since been providing information privacy and security regulatory compliance services to a wide variety of health care entities. Sheldon-Dean has more than 30 years of experience in policy analysis and implementation, business process analysis, information systems and software development.
He serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences.
MentorHealth 