Resources

Client Alerts, News Articles, Blog Posts, & Multimedia

Everything you need to know about BMD and the industry.

Enhancing Privacy Protections for Substance Use Disorder Patient Records

Client Alert
February 16, 2024

On February 8, 2024, the U.S. Department of Health and Human Services (“HHS”) finalized updated rules to 42 CFR Part 2 (“Part 2”) for the protection of Substance Use Disorder (“SUD”) patient records. The updated rules reflect the requirement that the Part 2 rules be more closely aligned with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) privacy, breach notification, and enforcement rules as mandated by the Coronavirus Aid, Relief, and Economic Security Act of 2020.

Part 2 protects the SUD treatment records of patients who are treated at a Part 2 program. Part 2 programs are those that are (1) federally assisted (they receive federal funding) and (2) hold themselves out as providing, and do provide, substance use disorder diagnosis, treatment, or referral for treatment. The final rules released by HHS this month reflect the inclusion of the public comments from providers, trade associations, health information exchanges, health plans and others.

The final rules make the following modifications to Part 2 regulations, effective February 16, 2026:

  • Patient Consent: One single Part 2 consent will be sufficient for all future disclosures for payment, treatment, and health care operations. All disclosures made with patient consent must include a copy of the consent or a clear explanation of the scope of consent. Previously, a separate consent was needed for each disclosure of Part 2 information. However, the final rules do retain a prohibition on the use of Part 2 records in legal proceedings and testimony in civil, criminal, administrative, and legislative proceedings against a patient without specific consent or a court order.
  • Counseling Notes: Like HIPAA psychotherapy records, a separate patient consent for the use and disclosure of SUD counseling notes is now required. SUD counseling notes include those analyzing the conversation in a SUD counseling session that the clinician voluntarily maintains separately from the rest of the patient’s SUD treatment and medical record.
  • Patient Notice: Part 2 patient notice requirements now align with the requirements of the HIPAA Notice of Privacy Practices.
  • Redisclosure: HIPAA covered entities and business associates that receive records under a Part 2 consent may redisclose those records according to HIPAA regulations. Previously, Part 2 regulations required a specific disclosure that was stricter than HIPAA redisclosure regulations.
  • Public Health: Part 2 records may now be disclosed to public health authorities without patient consent as long as the records are de-identified.
  • Breach Notification: The HIPAA Breach Notification Rule requirements will also apply to breaches of records under Part 2.
  • Segregation of Part 2 Data: Part 2 records are no longer required to be segregated or segmented from other medical records.
  • Fundraising: Patients will be able to opt out of receiving fundraising communications from Part 2 programs.
  • Complaints: Patients will have a right to file a complaint directly with the Secretary of HHS for an alleged violation of Part 2 in addition to filing a complaint with the Part 2 program.
  • Penalties: Part 2 penalties will be aligned with HIPAA by replacing criminal penalties currently in Part 2 with civil and criminal enforcement authorities that also apply to HIPAA violations.

The text of the final rule can be found on the Federal Register. All Part 2 programs must comply with the new requirements by February 16, 2026. The BMD healthcare team can help ensure that you are compliant. Please reach out to Daphne Kackloudis (dlkackloudis@bmdllc.com) or Jordan Burdick (jaburdick@bmdllc.com) for questions or assistance.

Health LawHealthcare Policysubstance abuseDaphne KackloudisJordan Burdick
Client Alert

Top 10 Signs that May Indicate Financial Distress

June 19, 2020The business world has been turned upside down with COVID-19 and the financial disruption it has created. Once healthy businesses are taking protective measures to remain viable. The impact of this health and financial crisis has affected nearly all industries in some manner. Being aware of areas or issues where your company is vulnerable is critically important. We have identified ten signs to look for when evaluating whether your company has some degree of financial distress.Client Alert

HHS Delays Quarterly Reporting for Provider Relief Funds

June 19, 2020There is good news for providers that received either (1) General Distributions from the HHS Provider Relief Funds [link to my article], or (2) Targeted Distributions from the HHS Provider Relief Funds [link to Ashley’s article]. HHS reversed its stance requiring quarterly reports for providers that received Provider Relief Funds and PPP loan monies. The initial quarterly reports would have been due by July 10, 2020. However, on June 13, 2020, HHS delayed the quarterly reporting requirement.Client Alert

July 20 is Important Deadline for HHS Fund Distributions to Medicaid and CHIP Providers

June 19, 2020On June 10, 2020, the U.S. Department of Health and Human Services (“HHS”) released details on the distribution of more CARES Act Provider Relief Fund payments. After allocating $50 billion to Medicare providers through its General Distribution fund, HHS has now announced that it will distribute $15 billion to eligible Medicaid and CHIP providers who apply by the deadline through a Targeted Distribution. Applicants must apply through the Enhanced Provider Relief Fund Payment Portal. The application form itself can be found on the HHS website and is due by July 20, 2020.Client Alert

DOJ Updates Corporate Compliance Plan Guidance

June 18, 2020With the passage of the Affordable Care Act in 2010, all healthcare providers were required to adopt and implement a corporate compliance plan. Historically, having an effective corporate compliance plan in place has been key to defending healthcare providers in fraud and abuse actions by Medicare, Medicaid, and commercial payers. Over the past couple of years, the U.S. Department of Justice’s (DOJ) Criminal Division has increased the number of prosecutions against U.S. corporations, including healthcare providers. Earlier this month, the DOJ’s Criminal Division updated its “Evaluation of Corporate Compliance Programs” guidance to educate prosecutors on how a corporate compliance program will be evaluated going forward.Client Alert

IRS Responds - Economic Impact Payments Do Not Belong to Nursing Homes or Care Facilities

June 17, 2020In response to the concerns that some nursing homes and care facilities have been taking patients economic impact payments (“EIP”) and claiming the EIP belongs to the facility, the IRS issued a reminder that the EIP does not belong to a nursing home or care facility even if that facility receives the individual’s payments, either directly or indirectly. The EIP does not count as income or a resource in determining an individual’s eligibility for Medicaid or other federal programs for a period of 12 months from when the EIP is received. What this means: an individual’s EIP does not have to be turned over by the benefit recipient.
Older posts
Newer posts