Photo of Craig Anderson

Craig Anderson

Subscribe to Craig Anderson's Posts
Contact: Read more about Craig Anderson

The Department of Health and Human Services recently issued a proposed rule that would streamline the federal regulations governing the confidentiality of substance use disorder (SUD) patient records at 42 CFR Part 2 (Part 2) with the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA). Comments on the proposed rule are due to HHS by January 31, 2023

For years, health care providers regulated by both Part 2 and HIPAA and their patients, have wrestled with the inconsistencies across these two privacy frameworks. Part 2, for example, currently imposes different patient consent requirements and disclosure restrictions on Part 2-protected SUD treatment records (Part 2 Records) than HIPAA, even though such records often constitute protected health information (PHI) as well. The inconsistencies (and in some cases, conflicts) between HIPAA and Part 2 requirements have created barriers to information sharing and confusion and compliance challenges for entities regulated under both frameworks, which in turn have unnecessarily impeded treatment access and care coordination.

As noted in the HHS fact sheet and the press release issued by the Substance Abuse and Mental Health Services Administration (SAMHSA), the proposed rule would, if finalized, enhance care coordination, afford patients a formal right of access to their SUD records, and extend HIPAA’s breach notification standards to Part 2-regulated providers and information. The proposed rule would also allow health care providers to align internal privacy compliance programs, the importance of which is underscored by another proposal to impose the same HIPAA civil and criminal penalties on regulated providers for noncompliance with Part 2 regulations.

Continue Reading HHS proposes update to Part 2 confidentiality regulations to align with HIPAA

Under provisions of the 21st Century Cures Act (Cures Act), providers of Medicaid-funded personal care services (PCS) and home health care services (HHCS) will need to be fully compliant with their state’s electronic visit verification (EVV) systems by January 1, 2023

Congress passed the Cures Act on December 13, 2016. Among other things, in an effort to increase transparency and reduce fraud in connection with the delivery of health care services, this law mandated that states implement EVV systems for all Medicaid-funded (including under waiver programs) PCS by January 1, 2019, and HHCS by January 1, 2023, in each case where services include an in-home visit by a provider. Subsequent legislation extended the deadline for PCS to implement EVV requirements to January 1, 2020. However, the deadline for HHCS remains January 1, 2023, and is quickly approaching.

Providers of PCS and HHCS services should make sure that they are working towards implementing EVV systems in their own business operations in compliance with applicable state requirements, the majority of which also are requiring provider compliance by January 1, 2023

Continue Reading Home Health Care Services Electronic Visit Verification System Implementation Required by January 1, 2023

On June 29, 2022, the U.S. Department of Health & Human Services’ Office for Civil Rights (“OCR”) issued two pieces of guidance clarifying the applicability of the Health Insurance Portability and Accountability Act (“HIPAA”) related to privacy of information connected to an individual’s reproductive health. 

Through this guidance, HIPAA addresses both protected health information (“PHI”), which is subject to HIPAA’s rules, as well as general, personal information that is not directly protected by HIPAA.

Continue Reading New Guidance by OCR addresses HIPAA and Disclosures of Information relating to Reproductive Health

On June 11, 2021, the Department of Health and Human Services (“HHS”) announced that it had released revised reporting requirements for those providers and suppliers that have received Provider Relief Fund payments during the COVID-19 pandemic. Readers may recall that HHS previously issued notices on post-payment reporting requirements starting in July 2020, and that previous