Key Facts About HIPAA Compliance – What You Need to Know – Part 6

Key Facts About HIPAA Compliance – What You Need to Know – Part 6

by ih-coc admin

Our series is designed to explain best practices about HIPAA compliance, HIPAA settlements, and the various requirements an organization must have in place under the HIPAA Security & Privacy Rules. 

HIPAA and Substance Abuse Confidentiality Regulations (CFR 42 Part 2)

Knowing what regulation to follow for substance use disorder treatment information in an emergency situation and how it interacts with HIPAA interact can be confusing.  A health provider that provides treatment for substance use disorders, including opioid abuse, needs to determine whether it is subject to 42 CFR Part 2 (i.e., a “Part 2 program”) and whether it is a covered entity under HIPAA.  Part 2 programs are federally assisted programs.

CFR 42 Part 2 Restrictions

Part 2 rules provide more stringent privacy protections than HIPAA, including in emergency situations. If an entity is subject to both Part 2 and HIPAA, it is responsible for complying with the more protective Part 2 rules, as well as with HIPAA. HIPAA is intended to be a set of minimum federal privacy standards. It is generally is possible to comply with HIPAA and other laws, such as 42 CFR Part 2, that are more protective of individuals’ privacy.

What is Permitted in Terms of Disclosures?

HIPAA permits disclosure of protected health information (PHI) for treatment purposes (including in emergencies) without patient authorization, and allows PHI to be used or disclosed to lessen a threat of serious and imminent harm to the health or safety of the patient or others (which may occur as part of a health emergency) without patient authorization or permission. Because HIPAA permits, but does not require, disclosures for treatment or to prevent harm, if Part 2 restricts certain disclosures during an emergency, an entity subject to both sets of requirements could comply with Part 2’s restrictions without violating HIPAA.

Helping Organizations Achieve HIPAA Compliance™

Our goal at Colington is to help keep your organization one step ahead in making sure those tasked with maintaining or implementing a HIPAA compliance program understands the requirements.  

Have a question about HIPAA compliance? Let us know and we would be pleased to discuss it with you and perhaps also address it in this series.