Resources

Client Alerts, News Articles, Blog Posts, & Multimedia

Everything you need to know about BMD and the industry.

Enhancing Privacy Protections for Substance Use Disorder Patient Records

Client Alert
February 16, 2024

On February 8, 2024, the U.S. Department of Health and Human Services (“HHS”) finalized updated rules to 42 CFR Part 2 (“Part 2”) for the protection of Substance Use Disorder (“SUD”) patient records. The updated rules reflect the requirement that the Part 2 rules be more closely aligned with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) privacy, breach notification, and enforcement rules as mandated by the Coronavirus Aid, Relief, and Economic Security Act of 2020.

Part 2 protects the SUD treatment records of patients who are treated at a Part 2 program. Part 2 programs are those that are (1) federally assisted (they receive federal funding) and (2) hold themselves out as providing, and do provide, substance use disorder diagnosis, treatment, or referral for treatment. The final rules released by HHS this month reflect the inclusion of the public comments from providers, trade associations, health information exchanges, health plans and others.

The final rules make the following modifications to Part 2 regulations, effective February 16, 2026:

  • Patient Consent: One single Part 2 consent will be sufficient for all future disclosures for payment, treatment, and health care operations. All disclosures made with patient consent must include a copy of the consent or a clear explanation of the scope of consent. Previously, a separate consent was needed for each disclosure of Part 2 information. However, the final rules do retain a prohibition on the use of Part 2 records in legal proceedings and testimony in civil, criminal, administrative, and legislative proceedings against a patient without specific consent or a court order.
  • Counseling Notes: Like HIPAA psychotherapy records, a separate patient consent for the use and disclosure of SUD counseling notes is now required. SUD counseling notes include those analyzing the conversation in a SUD counseling session that the clinician voluntarily maintains separately from the rest of the patient’s SUD treatment and medical record.
  • Patient Notice: Part 2 patient notice requirements now align with the requirements of the HIPAA Notice of Privacy Practices.
  • Redisclosure: HIPAA covered entities and business associates that receive records under a Part 2 consent may redisclose those records according to HIPAA regulations. Previously, Part 2 regulations required a specific disclosure that was stricter than HIPAA redisclosure regulations.
  • Public Health: Part 2 records may now be disclosed to public health authorities without patient consent as long as the records are de-identified.
  • Breach Notification: The HIPAA Breach Notification Rule requirements will also apply to breaches of records under Part 2.
  • Segregation of Part 2 Data: Part 2 records are no longer required to be segregated or segmented from other medical records.
  • Fundraising: Patients will be able to opt out of receiving fundraising communications from Part 2 programs.
  • Complaints: Patients will have a right to file a complaint directly with the Secretary of HHS for an alleged violation of Part 2 in addition to filing a complaint with the Part 2 program.
  • Penalties: Part 2 penalties will be aligned with HIPAA by replacing criminal penalties currently in Part 2 with civil and criminal enforcement authorities that also apply to HIPAA violations.

The text of the final rule can be found on the Federal Register. All Part 2 programs must comply with the new requirements by February 16, 2026. The BMD healthcare team can help ensure that you are compliant. Please reach out to Daphne Kackloudis (dlkackloudis@bmdllc.com) or Jordan Burdick (jaburdick@bmdllc.com) for questions or assistance.

Health LawHealthcare Policysubstance abuseDaphne KackloudisJordan Burdick
Client Alert

Value-Based Care Advances – CMS Issues New Final Rules for Stark and Anti-Kickback Statutes

December 11, 2020The Centers for Medicare & Medicaid Services (“CMS”) and the Department of Health and Human Services (“HHS”) Office of the Inspector General (“OIG”) issued two highly anticipated (and quite extensive) Final Rules to reform the Stark Law and Anti-Kickback Statute (“AKS”) regulations. The Final Rules generally take effect on January 19, 2021. The Final Rules include new safe harbors for the AKS and new exemptions to the Stark Law to allow for greater flexibility. According to the HHS, the goal of updating both laws is to make it easier for providers to engage in care coordination and value-based care programs without running afoul of the statutes. Please note that this client alert could not cover the full extent of the Final Rule changes so please contact your BMD Healthcare attorney with questions.Client Alert

Mandatory Filings Under CFIUS New Rules

December 11, 2020On September 15, 2020, the Committee on Foreign Investment in the United States (“CFIUS”) promulgated a final rule modifying its mandatory declaration requirements for certain foreign investment transactions involving “TID US businesses” (sensitive U.S. businesses dealing in critical technologies, critical infrastructure and sensitive personal data) dealing in “critical technologies” – i.e., U.S. businesses that produce, design, test, manufacture, fabricate, or develop one or more critical technologies. The new rule also makes amendments to the definition of the term “substantial interest” (used to determine whether a foreign government has a substantial interest in an entity). The final rule became effective on October 15, 2020.Client Alert

IRS Guidance on Employee Retention Credit

December 11, 2020The Employee Retention Credit created under Section 2302 of the Coronavirus Aid, Relief, and Economic Security (“CARES”) Act is a refundable tax credit against certain employment taxes equal to 50 percent of the qualified wages an eligible employer pays to employees after March 12, 2020, and before January 1, 2021. Since the adoption of the CARES Act, employers have expressed concern that if one employer acquires another employer that previously received a PPP loan, the acquirer’s entire aggregated group may no longer be eligible to claim the Employee Retention Credit.Client Alert

International Sales Contracts - COVID-19 Pandemic and Force Majeure

December 11, 2020Client Alert

Identity Protection PIN Available to ALL Taxpayers in January

December 11, 2020Beginning in January 2021, the IRS will allow all taxpayers who can properly verify his/her identity to obtain an Identity Protection PIN. An Identity Protection PIN (“IP PIN”) is a six digit number assigned to a specific taxpayer to assist in preventing the misuse of a taxpayer’s social security number on fraudulent federal tax returns. Previously, only confirmed victims of identity theft who resolved his/her tax issues with the IRS were eligible for an IP PIN.
Older posts
Newer posts