Tap 18 — TAPs <<<Documents<<<Home

Checklist for Monitoring Alcohol and Other Drug Confidentiality Compliance

Technical Assistance Publication Series

18

U.S. DEPARTMENT OF HEALTH AND HUMAN SERVICES
Public Health Service
Substance Abuse and Mental Health Services Administration
Center for Substance Abuse Treatment

Rockwall II, 5600 Fisher Lane
Rockville, MD 20857

Introduction of TAP 18: Checklist for Monitoring Alcohol and Other Drug Confidentiality Compliance

This publication is part of the Substance Abuse Prevention and Treatment Block Grant technical assistance program. All material appearing in this volume except quoted passages from copyrighted sources is in the public domain and may be reproduced or copied without permission from the Center for Substance Abuse Treatment (CSAT) or the authors. Citation of the source is appreciated.

This publication was prepared under contract number 270-93-0004 from the Substance Abuse and Mental Health Services Administration (SAMHSA). Gayle Saunders, of CSAT, served as the Government project officer.

The opinions expressed herein are the views of the authors and do not necessarily reflect the official position of CSAT or any other part of the U.S. Department of Health and Human Services (DHHS).

DHHS Publication No. (SMA) 96-3083 Printed 1996

Foreword

The Center for Substance Abuse Treatment (CSAT) of the Substance Abuse and Mental Health Services Administration (SAMHSA) is pleased to present this document, Number 18 in the Technical Assistance Publication (TAP) series. Alcohol and drug treatment and prevention program staff and management, as well as State agency officials often have questions about the disclosure of information relating to alcohol and other drug (AOD) diagnosis and treatment. This TAP is designed to answer some of those questions. It provides an easy-to-use checklist that should enable both AOD programs and State and other government monitoring agencies to quickly determine whether a breach of patient confidentiality has occurred under the Federal law and regulations governing patient confidentiality.

This TAP is one of several products developed by the Legal Action Center pursuant to a grant by CSAT to provide information on improving methods of collaboration between AOD treatment and prevention programs and State public health providers.

Appendix B in this document is a presentation on the emerging issue of managed care and its impact on the confidentiality of AOD records. This is another area of concern to AOD programs and State government agencies. It is also an area in which these agencies are having to interact with new health care entities such as health maintenance organizations (HMOs).

Nothing in this publication should be construed as authorizing or permitting any person to perform an act that is not permitted under the regulations governing confidentiality of substance abuse patient records as cited throughout these materials, or by any other Federal or State laws.

David J. Mactas
Director
Center for Substance Abuse Treatment

Introduction

The Federal alcohol and other drug (AOD) confidentiality law requires covered programs to strictly maintain the confidentiality of AOD patient records. The law (42 U.S.C. § 290dd-2) and its accompanying regulations (42 C.F.R. Part 2, referred to in this guide as "the regulations" came about through Congress' recognition that safeguards on privacy serve the important purpose of encouraging persons to seek AOD dependence care by preventing the disclosure of information related to their AOD diagnosis and treatment, which could stigmatize them in their communities.

Although remarkably effective, the laws are also complex. Questions about which disclosures are and are not permissible sometimes confuse AOD treatment programs and the State agencies responsible for funding and evaluating them. This guideline is designed to alleviate some of that confusion. It provides an easy-to-use checklist that should enable the compliance personnel of both AOD programs and State and other government monitoring agencies to quickly determine whether complaints alleging a breach of patient confidentiality are justified under the Federal confidentiality law.

Two important caveats apply. First, this checklist should only be consulted to determine whether a prior disclosure complied with the law. It should not be consulted to determine whether to make a disclosure in the first instance. For such decisions, programs and State agency staff should consult more detailed analyses of the Federal regulations, such as that contained in the Legal Action Center's book, Confidentiality: A Guide to the Federal Law and Regulations. Because the checklist is written in summary form (hence its easy-to-use style), sole reliance on it could result in inadvertent breaches of the regulations.

The second caveat is that when using the checklist for its intended purpose–to evaluate whether prior communications complied with the law–compliance personnel should consult more detailed analyses in order to understand the nuances of the law. In short, the checklist provides a conceptual framework and the basic principles to guide compliance personnel. In complex cases, compliance personnel should consult a more comprehensive source.

The best way to use the guide is as follows. In all instances, consult Sections I and II first. Begin with Section I to determine whether the regulations even apply to the alleged confidentiality violation. For example, was the alleged breach by a "program" and about a "patient" as those terms are defined in the regulations? Second, consult Section II to determine whether a "disclosure" of patient-identifying information was made. Only after concluding that the regulations apply (Section I) and that a disclosure of patient-identifying information was made (Section II), will one need to consult Sections III-V to determine whether the disclosure was authorized under the regulations. Sections III: A–I cover nearly all of the rules (sometimes called "exceptions") that authorize AOD programs to disclose patient-identifying information. Compliance personnel first should consult those rules that most likely apply. If a rule applies, one need not go further. The communication was legal under the regulations. If a rule does not apply, consult other rules to see if they apply. Section III does not cover absolutely every rule in the regulations. For example, it omits discussion of the rules about reporting vital statistics (§ 2.15(b)) and central registries for methadone and detoxification programs (§ 2.34). Compliance personnel should consult the regulations directly for any rules not covered by this checklist. Section IV discusses search and arrest warrants, which are related to the discussion in Section IV–I. The two sections should be read in tandem. Finally, Section V discusses the regulations as they apply to persons who are not formally part of an AOD program but who nevertheless are bound by the regulations because they received patient-identifying information from an AOD program in circumstances authorized by the regulations.

Within each section and its subparts, there is a checklist that the user can follow to ascertain whether the disclosure complied with the law, followed by a summary of the rule.

In using the guide, bear in mind that in addition to the Federal law, many States may have laws and regulations that govern the confidentiality of AOD information. Make sure that you are familiar with such State laws; this guide does not incorporate them.

Most States also have laws governing the confidentiality of HIV-related information (HIV confidentiality is determined only by State law; there is no Federal HIV confidentiality law), as well as the confidentiality of mental health and medical records. This guide does not address those State laws. Thus, even if a disclosure complies with the Federal AOD confidentiality law, compliance personnel might also choose to determine whether the disclosure violates any State confidentiality laws (e.g., those pertaining to AOD, HIV, mental health, or medical records).

For instances in which a State's confidentiality law (AOD or otherwise) is more restrictive than the Federal law, a program must follow the stricter State law. For example, if a program has disclosed a patient's HIV status after the patient has signed a consent form that is proper under the Federal AOD confidentiality law, compliance personnel must also determine whether the State imposes any additional requirements for disclosing HIV-related information (e.g., a special HIV consent form).

For instances in which a State's confidentiality law or any other State law is less protective of confidentiality than the Federal law, however, the Federal law controls. For example, if a State law mandates a program to notify parents about certain conduct by minor patients, but the Federal regulations absolutely prohibit such disclosure, the program cannot make the disclosure; the Federal law controls. However, there is usually a way to disclose properly under the Federal law, for example, by obtaining patient consent or a court order that meets the Federal requirements. Accordingly, there is rarely an irreconcilable conflict with State law.

In addition, under 45 C.F.R. Part 96.132(e), States that receive Federal block grant funding for AOD treatment services, are required to:

have in effect a system to protect from inappropriate disclosure patient records maintained by the State in connection with an activity funded under the program involved or by any entity which is receiving amounts from the grant and such system shall be in compliance with all applicable State and Federal laws and regulations including 42 CFR part 2. This system shall include provisions for employee education on the confidentiality requirements and the fact that disciplinary action may occur upon inappropriate disclosures. This requirement cannot be waived.

Last Updated 11-7-02