Confidentiality, Privacy and Security

One more 42 Part 2 Update...for those interested

  • 1.  One more 42 Part 2 Update...for those interested

    Posted 19 days ago
    After seeing some of the threads related to 42 part 2...below is "one more link" to another article posted by a firm that explains some of the recent changes for those interested.  It does have a little bit of a "HIPAA angle" which may also be of interest.

    https://www.crowell.com/NewsEvents/AlertsNewsletters/all/SAMHSAs-Final-Substance-Use-Disorder-Records-Confidentiality-Rules-a-Short-Term-Change-Towards-Further-Alignment-with-HIPAA-in-2021/pdf

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------


  • 2.  RE: One more 42 Part 2 Update...for those interested

    Posted 18 days ago
    Thanks Frank ?

    To avoid segregating each and every patient's chart, h ow do we know if the patient we receive on transfer, is from a 42 CFR Part 2 provider?

    There is no Official List !

    Julie





  • 3.  RE: One more 42 Part 2 Update...for those interested

    Posted 18 days ago
    OOPS !

    Thanks Frank !!!






  • 4.  RE: One more 42 Part 2 Update...for those interested

    Posted 18 days ago
    Julianna,

    Quick question...are you a 42 part 2 provider?

    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------



  • 5.  RE: One more 42 Part 2 Update...for those interested

    Posted 17 days ago
    No.  However we are a neuropsychiatric hospital.  We are treating their neuropsychiatric/behavioral condition, Our patients may have a secondary SUD condition.

    Most of our patients are transferred from other healthcare providers. These hospitals may have a SUDs unit, or are a SUDs hospital. 

    42 CFR Part 2 requires consent to be obtained for each place we may send records to prior to release of information, if we include these previous records.  This is not covered by the 'blanket admission consent' for TPO.

    If I am reading this correctly, sending records to the next health provider on discharge will require obtaining consent  naming each provider records are sent to - IF previous 42 CFR Part 2 provider's records are included.

    Segregating these records from the current chart - upon admission and during the stay - is not possible, as information is needed by clinical staff.

    My concern, during the stay and prior to HIM obtaining the chart after discharge, is assuring these records are not sent, or consent obtained prior to release. 

    If an official list of 42 CFR Part 2 providers were available,  this would be a much simpler process.





  • 6.  RE: One more 42 Part 2 Update...for those interested

    Posted 16 days ago
      |   view attached
    Hi Julie,

    I'm not an expert but I do have a run sheet that may help you a little. It would be nice if there was a provider list but that would be a very long list!

    I hope you find the attachment useful.

    Wishing the Best!

    ------------------------------
    Kelly Randell
    DRG Analyst
    [G2 Corporation]
    ------------------------------

    Attachment(s)



  • 7.  RE: One more 42 Part 2 Update...for those interested

    Posted 16 days ago

    Hi Kelly,
    That is a really flow sheet, thank you for sharing. I think Julianna's question, and I know my question, is more about receiving records from a Part 2 hospital and identifying them properly within our own record so we don't break the law. How will we know when we receive records from a Part 2? Are they supposed to tell us? Will there be an identified disclaimer on the records or something?



    ------------------------------
    Kathryn Wood, RHIA
    Assist Dir of Information Systems/Privacy Officer
    War Memorial Hospital
    ------------------------------



  • 8.  RE: One more 42 Part 2 Update...for those interested

    Posted 16 days ago
    Good Morning Kathryn,

    I think this is a serious missing link in continuance of care for the patient. I don't know of a site that providers a list on who is participating under Part 2. Have you tried with the MAC and/or the insurance the patient is part of? They may have a link you can enter the organization's or physician name to see if they participate.  This is the best suggestion I can come up with. I hope that it wouldn't be left to organization's policy making to create a policy on how to handle such records.

    Seek and you will find!

    Have a nice week!

    ------------------------------
    Kelly Randell
    DRG Analyst
    [G2 Corporation]
    ------------------------------



  • 9.  RE: One more 42 Part 2 Update...for those interested

    Posted 15 days ago
    Hello,

    A part 2 program is required to have a 42 CFR Part 2 disclosure statement on the records they release. 

    Thanks,
    Sherry





  • 10.  RE: One more 42 Part 2 Update...for those interested

    Posted 15 days ago
    Sometimes I'll see a folder or other designated space within the EHR where Part 2 records which are not to be re-released are stored in an attempt to comply with the non-redisclosure requirement.

    One ongoing problem is that when ROI staff select records for release, they often use a query or some other method to extract records between a start date and an end date which pulls all records within the EHR, including those in the designated space for part 2 information.  The good news is that this can be fixed, the bad news...it often goes unnoticed until someone raises a concern...and sometimes that is a very, very irate patient who has learned that an otherwise restricted re-disclosure has occurred.


    ------------------------------
    Frank Ruelas
    Compliance Professional
    Arizona
    ------------------------------



  • 11.  RE: One more 42 Part 2 Update...for those interested

    Posted 15 days ago

    Good Morning,

    Julie's quest to determine how to know if a provider participates in the 42 CFR Part 2 program seems to reside in the CE or BA's determination upon accepting the patient for treatment. The governing body SAMHSA provided guidelines to secure SUD patients from fear of retribution. The gatekeeper is the patient's authorization to move the record. TPO by HIPAA doesn't apply. So, the question remains, how does the entity know the patient is protected under Part 2?

    I would think the SUD type of record would raise the flag obviously and require determination of part 2 participation. The contracted obligation of the CE or BA would be included in the contracts the business office would keep. So, my best guess based on whether the provider receives federal funding and hold themselves out to the public as providing SUD diagnosis, treatment or referral for treatment must abide by additional confidentiality protections above and beyond the HIPAA Rule and Part 2.

    This would come from HIPAA Privacy Officer and Administrative Office working together to create and maintain list of providers participating in 42 CFR Part 2 program. I would also think that in the EHR system, these providers would be included in a table of some sort or insurance classification. As for the release of record, as Sherry added in her post, a disclosure statement would be necessary, (paper or electronic) but the authorization by the patient is required to be kept on file and pertinence given to re-authorization by the patient to each separate occurrence of ROI.

    Have a nice week!



    ------------------------------
    Kelly Randell
    DRG Analyst
    [G2 Corporation]
    ------------------------------