Hi Kelly,That is a really flow sheet, thank you for sharing. I think Julianna's question, and I know my question, is more about receiving records from a Part 2 hospital and identifying them properly within our own record so we don't break the law. How will we know when we receive records from a Part 2? Are they supposed to tell us? Will there be an identified disclaimer on the records or something?
Julie's quest to determine how to know if a provider participates in the 42 CFR Part 2 program seems to reside in the CE or BA's determination upon accepting the patient for treatment. The governing body SAMHSA provided guidelines to secure SUD patients from fear of retribution. The gatekeeper is the patient's authorization to move the record. TPO by HIPAA doesn't apply. So, the question remains, how does the entity know the patient is protected under Part 2?I would think the SUD type of record would raise the flag obviously and require determination of part 2 participation. The contracted obligation of the CE or BA would be included in the contracts the business office would keep. So, my best guess based on whether the provider receives federal funding and hold themselves out to the public as providing SUD diagnosis, treatment or referral for treatment must abide by additional confidentiality protections above and beyond the HIPAA Rule and Part 2.This would come from HIPAA Privacy Officer and Administrative Office working together to create and maintain list of providers participating in 42 CFR Part 2 program. I would also think that in the EHR system, these providers would be included in a table of some sort or insurance classification. As for the release of record, as Sherry added in her post, a disclosure statement would be necessary, (paper or electronic) but the authorization by the patient is required to be kept on file and pertinence given to re-authorization by the patient to each separate occurrence of ROI.Have a nice week!