Resources

Client Alerts, News Articles, Blog Posts, & Multimedia

Everything you need to know about BMD and the industry.

Enhancing Privacy Protections for Substance Use Disorder Patient Records

Client Alert
February 16, 2024

On February 8, 2024, the U.S. Department of Health and Human Services (“HHS”) finalized updated rules to 42 CFR Part 2 (“Part 2”) for the protection of Substance Use Disorder (“SUD”) patient records. The updated rules reflect the requirement that the Part 2 rules be more closely aligned with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) privacy, breach notification, and enforcement rules as mandated by the Coronavirus Aid, Relief, and Economic Security Act of 2020.

Part 2 protects the SUD treatment records of patients who are treated at a Part 2 program. Part 2 programs are those that are (1) federally assisted (they receive federal funding) and (2) hold themselves out as providing, and do provide, substance use disorder diagnosis, treatment, or referral for treatment. The final rules released by HHS this month reflect the inclusion of the public comments from providers, trade associations, health information exchanges, health plans and others.

The final rules make the following modifications to Part 2 regulations, effective February 16, 2026:

  • Patient Consent: One single Part 2 consent will be sufficient for all future disclosures for payment, treatment, and health care operations. All disclosures made with patient consent must include a copy of the consent or a clear explanation of the scope of consent. Previously, a separate consent was needed for each disclosure of Part 2 information. However, the final rules do retain a prohibition on the use of Part 2 records in legal proceedings and testimony in civil, criminal, administrative, and legislative proceedings against a patient without specific consent or a court order.
  • Counseling Notes: Like HIPAA psychotherapy records, a separate patient consent for the use and disclosure of SUD counseling notes is now required. SUD counseling notes include those analyzing the conversation in a SUD counseling session that the clinician voluntarily maintains separately from the rest of the patient’s SUD treatment and medical record.
  • Patient Notice: Part 2 patient notice requirements now align with the requirements of the HIPAA Notice of Privacy Practices.
  • Redisclosure: HIPAA covered entities and business associates that receive records under a Part 2 consent may redisclose those records according to HIPAA regulations. Previously, Part 2 regulations required a specific disclosure that was stricter than HIPAA redisclosure regulations.
  • Public Health: Part 2 records may now be disclosed to public health authorities without patient consent as long as the records are de-identified.
  • Breach Notification: The HIPAA Breach Notification Rule requirements will also apply to breaches of records under Part 2.
  • Segregation of Part 2 Data: Part 2 records are no longer required to be segregated or segmented from other medical records.
  • Fundraising: Patients will be able to opt out of receiving fundraising communications from Part 2 programs.
  • Complaints: Patients will have a right to file a complaint directly with the Secretary of HHS for an alleged violation of Part 2 in addition to filing a complaint with the Part 2 program.
  • Penalties: Part 2 penalties will be aligned with HIPAA by replacing criminal penalties currently in Part 2 with civil and criminal enforcement authorities that also apply to HIPAA violations.

The text of the final rule can be found on the Federal Register. All Part 2 programs must comply with the new requirements by February 16, 2026. The BMD healthcare team can help ensure that you are compliant. Please reach out to Daphne Kackloudis (dlkackloudis@bmdllc.com) or Jordan Burdick (jaburdick@bmdllc.com) for questions or assistance.

Health LawHealthcare Policysubstance abuseDaphne KackloudisJordan Burdick
Client Alert

Banking and Cannabis: Is it Legal

January 4, 2022Marijuana is still a Schedule 1 drug and is illegal under federal law. However, I am not aware of any federal banking law or regulation, or any other federal law or regulation, which explicitly makes it illegal for banks and other financial institutions to provide their traditional services to state legal cannabis businesses.Client Alert

Protections Under Federal and Ohio Law for Bona Fide Prospective Purchasers of Contaminated Property

November 17, 2021Most industrial/commercial property developers are generally aware of the Comprehensive Environmental Response, Compensation, and Liability Act (“CERCLA”), often also referred to as “Superfund”. CERCLA, a United Stated federal law administered by the U.S. Environmental Protection Agency, was created, in part, because the U.S. Environmental Protection Agency recognized that environmental cleanup could help promote reuse or redevelopment of contaminated, potentially contaminated, and formerly contaminated properties, helping revitalize communities that may have been adversely affected by the presence of the contaminated properties. Commercial property developers should be aware that CERCLA provides for some important liability limitations for landowners that own contaminated property impacted by materials hazardous to the environment. It can also assist with landowners concerned about the potential liabilities stemming from the presence of contamination to which they have not contributed. In particular, CERCLA provides important liability limitations for landowners that qualify as (1) bona fide prospective purchasers (BFPPS), (2) contiguous property owners, or (3) innocent landowners.Client Alert

Puerto Rico Is Open For Business

November 16, 2021Puerto Rico has the highest vaccination in the nation. More than 73% of the total population is fully vaccinated. The U.S. national average is just over 57%. The ports opened in June 2020 and San Juan held it first live concert this past summer. It is important to remember that Puerto Rico is a U.S. territory and there is no need for visas, the banking systems is almost identical to the mainland and the Island uses the U.S. postal service and U.S. dollar as its currency. There are thousands of flights from the U.S. to Puerto Rico daily and all main airlines fly to the Island.Client Alert

Ohio Medical Board Changes Telemedicine Rules

November 16, 2021A SCMS News Article by Scott Sandrock.Client Alert

The Rising Threat from Insiders – Get Your House in Order

November 16, 2021As its name implies, an ‘Insider Threat’ originates inside an organization. An ‘insider’ is any person who has or had authorized access to or knowledge of an organization’s resources, including personnel, facilities, information, equipment, networks, and systems. ‘Insider threat’ can manifest from malicious, complacent, negligent or unintentional acts that negatively affect the integrity, confidentiality, and availability of the organization, its data, personnel, or facilities. Certainly, ‘Insider Threat’ can be an activity by a bad actor employee, but can also arise from an inadvertent or unknowing action inside an organization (such as an employee who unintentionally opens a phishing email or clicks on a malicious link).
Older posts
Newer posts