Big changes may be on the horizon to federal rules meant to safeguard patient records for substance use disorder, sparking a renewed debate between providers and patient groups.
The so-called Part 2 rule predates the landmark patient privacy rule HIPAA and is stricter. It was intended to address the stigma that can be associated with seeking treatment for substance abuse by requiring patient consent for disclosure of protected health information even for the purposes of treatment and payment. A doctor treating a patient for substance abuse can't share any identifiable records with a patient's other providers, for example, without express written consent.
Any federally assisted program that provides treatment for alcohol or drug misuse must comply, along with third party payers.
Some providers have argued the rule is redundant and overreaching. HHS Deputy Secretary Eric Hargan called the rule "onerous" at the America's Health Insurance Plans' national policy conference last week, telling attendees to "watch this space very carefully." HHS did not respond to a request for a timeline or any details of the potential alterations.
Both the American Hospital Association and AHIP back aligning Part 2 with HIPAA. The American Medical Association and patient advocates, however, argue that any change to the rule would put mental health patients at risk and could drive them away from seeking treatment for fear details about their condition would be released.
How to handle records for these patients has taken on new urgency as the opioid epidemic rages on.
An improved ability to communicate patient needs could help outcomes along the care continuum, but those wary of changes to the law say anything that might keep people from seeking care because of a worry of discrimination should be avoided.
Significant changes to Part 2 would have to come at the legislative level, and legal experts debate what guidance HHS could give to tweak compliance with the rule. Most suggestions would allow for some sharing of information with other providers or patients' family members without explicit patient consent for purposes of treatment, payment or operations.
Current leadership at CMS has made deregulation a priority, so it could see such privacy changes as a goal worthy of pursuit.
Why change?
One argument for revising Part 2 is that the rules are now overtaken by HIPAA and no longer necessary. Keeping all of it on the books is not efficient, Iliana Peters, lawyer at Polsinelli, told Healthcare Dive.
"Part 2 in a lot of ways is duplicative and unnecessary and overly burdensome given that it is extremely difficult to share information that is covered by Part 2 and there are criminal penalties attached," she said.
It doesn't make a lot of sense for substance use disorder treatment to be called out when there are numerous areas that require robust privacy protection, including HIV/AIDS status. As more genetic testing information becomes part of the medical record, those data could also be of extreme sensitivity, questioning why SUD records are singled out, Peters said.
"Certainly, I think it's time for Congress to revisit Part 2," she said.
Andrew Sperling, director of legislative advocacy for the National Alliance on Mental Illness, agrees that changes could be beneficial. The key, he told Healthcare Dive, is to align with HIPAA and stick to regulation for those three areas of treatment, payment and operations. It's important for other protections to remain.
"I don't think you want to get rid of it because it does serve a purpose outside the context of healthcare," he said. "We don't want landlords and employers and life insurance companies getting these records."
A single set of rules should cover all treatment records. That way, doctors can have full knowledge of a patient's history. Without that, value-based care and care coordination suffer, Sperling said. "That's a huge barrier to integration, and it fails the principle of parity that we've advocated for more than a quarter of a century," he said.
The American Hospital Association holds a similar stance. In its response to the RFI on potential changes to HIPAA issued late last year, the lobby said alignment of Part 2 and HIPAA should be the goal. "Permitting providers to handle and treat patient data related to behavioral health as simply another part of a patient's health care data protected by HIPAA is a critical component of a demonstrated more effective approach to caring for and achieving the best outcomes for all patients," AHA wrote.
Case for status quo, caution
The American Medical Association, however, has thrown its weight against substantial change to Part 2. Last year, when Congress was debating an opioid package that included loosening the regulation, AMA lobbied against it. That part of the bill was eventually nixed.
A spokesman told Healthcare Dive AMA continues "to believe that explicit, written patient consent is necessary before sharing information covered by Part 2."
Robert Tennant, director of health IT policy for MGMA said Part 2 is "a complicated subject" for doctors. Especially as the opioid crisis rages, physicians want to make sure patients get the treatments they need while also watching for those who may be doctor shopping or seeking opioids.
Doctors at smaller practices may decide it isn't worth the time it takes to jump through regulatory hoops to prescribe the drugs, instead referring patients to a pain management specialist. That could limit or delay availability for someone who has a real need for the powerful pain medication.
But then again without those rules, doctors could have difficulty determining that a patient would be put more at harm if they're handed a prescription, Tennant told Healthcare Dive.
"It's a balance between wanting to protect the information, wanting the patient to feel comfortable going for treatment and giving the physician the complete picture," he said. "And I don't know if there's an easy answer."