The Department of Health and Human Services recently issued a proposed rule that would streamline the federal regulations governing the confidentiality of substance use disorder (SUD) patient records at 42 CFR Part 2 (Part 2) with the Health Insurance Portability and Accountability Act and its implementing regulations (HIPAA). Comments on the proposed rule are due to HHS by January 31, 2023

For years, health care providers regulated by both Part 2 and HIPAA and their patients, have wrestled with the inconsistencies across these two privacy frameworks. Part 2, for example, currently imposes different patient consent requirements and disclosure restrictions on Part 2-protected SUD treatment records (Part 2 Records) than HIPAA, even though such records often constitute protected health information (PHI) as well. The inconsistencies (and in some cases, conflicts) between HIPAA and Part 2 requirements have created barriers to information sharing and confusion and compliance challenges for entities regulated under both frameworks, which in turn have unnecessarily impeded treatment access and care coordination.

As noted in the HHS fact sheet and the press release issued by the Substance Abuse and Mental Health Services Administration (SAMHSA), the proposed rule would, if finalized, enhance care coordination, afford patients a formal right of access to their SUD records, and extend HIPAA’s breach notification standards to Part 2-regulated providers and information. The proposed rule would also allow health care providers to align internal privacy compliance programs, the importance of which is underscored by another proposal to impose the same HIPAA civil and criminal penalties on regulated providers for noncompliance with Part 2 regulations.

Continue Reading HHS proposes update to Part 2 confidentiality regulations to align with HIPAA

On June 29, 2022, the U.S. Department of Health & Human Services’ Office for Civil Rights (“OCR”) issued two pieces of guidance clarifying the applicability of the Health Insurance Portability and Accountability Act (“HIPAA”) related to privacy of information connected to an individual’s reproductive health. 

Through this guidance, HIPAA addresses both protected health information (“PHI”), which is subject to HIPAA’s rules, as well as general, personal information that is not directly protected by HIPAA.

Continue Reading New Guidance by OCR addresses HIPAA and Disclosures of Information relating to Reproductive Health

As the health care industry as a whole comes to grips with the fallout from the U.S. Supreme Court’s decision to overturn Roe v. Wade in Dobbs v. Jackson Women’s Health, here at Reed Smith we have formed a Reproductive Health Working Group to bring expertise from the across our many specialty areas to help our clients to prepare for the post-Dobbs reality.

To that end, we have generated a series of “unanswered questions” client updates to reflect the issues that a Roe reversal may have for the health care industry. Earlier posts on this blog have shared the parts of that series that focused on pharmacieshealth care providers, and fertility practices, and employee benefit plans.

The Working Group has put together two new updates to branch into the employment and privacy areas.

Continue Reading Unanswered Questions on Privacy and Employment from Supreme Court Overturn of Roe v. Wade

Over the last decade, members of the medical and public health communities around the world have widely studied and acknowledged the impact of social determinants of health (SDOH)—the conditions in the environments where people live, learn, work, play, and age—on a wide range of health, functioning, and quality-of-life-risks and outcomes.[1]  In the past year

It is no secret that the coronavirus pandemic has driven our daily lives digital—work, education, social gatherings, and, of course, health care. Congress and CMS responded to the public health emergency by waiving limitations on reimbursement for telehealth services rendered to Medicare patients. These waivers introduced new flexibility and vastly expanded Medicare patients’ access to

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR), the agency that enforces the Health Insurance Portability and Accountability Act of 1996 (HIPAA), is the latest federal agency to jump on the HHS rulemaking bandwagon issuing a Notice of Proposed Rulemaking (NPRM) on December 10, 2020, that proposes pivotal changes

The Department of Health & Human Services (HHS) Substance Abuse and Mental Health Services Administration (SAMHSA) has proposed revisions to federal rules governing the confidentiality of patient records created by federally-assisted substance use disorder (SUD) treatment programs.  The proposed rule is intended to support coordinated care among providers that treat patients with SUDs, while maintaining

The Substance Abuse and Mental Health Services Administration (SAMHSA) has issued a final rule addressing the disclosure of substance use disorder patient records that is intended to facilitate health care activities while protecting patient privacy.  The final rule identifies the circumstances under which lawful holders of patient identifying-information may disclose such information to their contractors,

A new Substance Abuse and Mental Health Services Administration (SAMHSA) final rule is intended to modernize federal regulations governing the confidentiality of substance abuse records. SAMHSA explains in the preamble that it the agency “wants to ensure that patients with substance use disorders have the ability to participate in, and benefit from health system delivery

The Substance Abuse and Mental Health Services Administration (SAMHSA) published a proposed rule on February 9, 2016 that is intended to modernize regulations governing the confidentiality of substance abuse records to ensure that patients with substance use disorders have the ability to participate in new integrated health care models that emphasize coordinated care while addressing

Earlier this year, President Obama launched a high-profile “Precision Medicine Initiative” (PMI) to develop treatments, diagnostics, and prevention strategies tailored to the individual genetic characteristics of each patient.  On July 8, 2015 the White House released for public comment a draft document entitled “Precision Medicine Initiative: Proposed Privacy and Trust Principles,” which provides broad guidance

The following Congressional panels have held hearings recently on various health policy issues:

  • The House Science, Space, and Technology Committee held a hearing entitled, “Can Americans Trust the Privacy and Security of their Information on HealthCare.gov?”;
  • The Senate Health, Education, Labor and Pensions (HELP) Committee held a hearing on the reemergence of vaccine-preventable diseases; and

The Government Accountability Office (GAO) has assessed the effectiveness of CMS controls intended to protect the security and privacy of the information and information technology (IT) systems used to support Healthcare.gov. The GAO determined that while CMS has taken steps to protect Healthcare.gov security and privacy, “weaknesses remain both in the processes used for managing

As reported on our sister blog, http://www.lifescienceslegalupdate.com/, the HHS Office for Civil Rights (OCR) has made a number of recent announcements regarding HIPAA Privacy Rule implementation. First, OCR has issued guidance on how the changes to the HIPAA Privacy Rule’s marketing provisions under the Health Information Technology for Economic and Clinical Health (HITECH) Act

Recent Congressional hearings on health policy issues include the following:

  • A House Energy and Commerce Health Subcommittee a hearing entitled “PPACA Pulse Check: Part 2,” focusing on ACA readiness and implementation issues (Part 1 of the hearing was on August 1, 2013).
  • A House Homeland Security Cybersecurity Subcommittee hearing on “The Threat to Americans’ Personal

HHS is soliciting comments on whether to amend the HIPAA Privacy Rule to expressly permit covered entities holding information about the identities of individuals who are disqualified from possessing or receiving firearms on mental health grounds to disclose limited information to the National Instant Criminal Background Check System. Comments on the rule will be accepted

The Office for Civil Rights (“OCR”) of the Department of Health and Human Services released today the long awaited, and much anticipated, omnibus final rule modifying the HIPAA Privacy, Security, Breach and Enforcement Rules. The final rule, which implements the statutory requirements of the Health Information Technology for Economic and Clinical Health Act (“HITECH”) and the Genetic Information Nondiscrimination Act (“GINA”), is comprised of four final rules and addresses the July 2010 HITECH proposed rule, the Breach Notification and Enforcement interim final rules, as well as the October 2009 GINA proposed rule (collectively, the “HITECH Final Rule”). Notably, the HITECH Final Rule does not address the May 2011 proposed accounting and access report rule.
Continue Reading It’s Here: OCR Releases Long Awaited HIPAA/HITECH Final Rule

On January 8, 2013, the Obama Administration published its latest semiannual regulatory agenda, outlining planned regulatory initiatives in a number of policy areas. The Federal Register version of the agenda includes only a portion of the regulations in the pipeline, however; the full agenda has been posted on the Office of Management and Budget (OMB) web site. Major Department of Health and Human Services (HHS) regulations are highlighted after the jump.

Continue Reading Obama Administration’s Regulatory Agenda Points to Busy 2013 for HHS