Select Page

SAMHSA is charged with implementing 42 CFR Part 2 regulations

42 CFR Part 2 is a federal law aimed at protecting the confidentiality of substance abuse patient records. It is more restrictive than HIPAA in numerous ways, so you have to be careful with these records should you receive them.

Under 42 CFR Part 2, the restrictions on the disclosure of these particular records apply to “any person who obtains that information from a part 2 program…”1  whereas, under HIPAA, just covered entities and business associates have a duty to protect the confidentiality of records. A “part 2 program” is basically a medical provider that advertises itself as, or whose primary function is providing substance use disorder diagnosis, treatment, or referral for treatment.”2

If you do not receive records from a part 2 program, then you do not have to worry about 42 CFR Part 2.

But with the spike in opioid abuse over the last couple of years, providers are more likely than ever to receive patient substance abuse records. The good news is that these records come with a written notice that they are protected by 42 CFR Part 2 so they are easy to spot.  If you receive any of these records, you are strictly prohibited from disclosing the records to any 3rd party without the written consent of the patient.  There are numerous differences from HIPAA for situations such as subpoenas, court orders, and law enforcement requests.

Takeaways include:

  1. Staff who are involved with processing incoming mail / incoming medical records should be trained regarding these additional restrictions on 42 CFR Part 2 records.  If these staff are involved in scanning and loading the records into EHR software, they should be clearly marked in a prominent location that they are protected by 42 CFR Part 2.
  2. If you participate in a health information exchange, get help to prevent inadvertent sharing of these records with 3rd parties.
  3. Staff who handle release of records should be trained regarding the restrictions of 42 CFR Part 2 records.

If you have questions, Eagle Consulting Partners provides consulting and support on this topic.

References: 

  1. 42 CFR Part 2 § 2.12 Applicability.
  2. 42 CFR Part 2 § 2.11 Definitions.

About Jacob Overdorff

Jacob Overdorff, Consultant for Eagle Consulting

Jacob is a consultant at Eagle Consulting with a legal background and strong focus on HIPAA-Compliance obligations.  He graduated from University of Akron School of Law in 2015, has worked as a law clerk for the International Institute of Akron, and brings research, client service, and management skills to the team.

Pin It on Pinterest