3-Hour Virtual Seminar on HIPAA vs. SAMHSA 42 CFR Part 2: Managing Disclosures when Substance Use Disorders Are Involved

Training Options Duration: 3 Hours
Tuesday, October 9, 2018 | 09:00 AM PDT | 12:00 PM EDT

Overview: This session focuses on the issues of managing health information when it may involve substance use disorder treatment information. HIPAA allows a number of disclosures without consent that SAMHSA prohibits without consent. First we will explain how HIPAA relates to information management and release and explain the processes required for various releases of information under the HIPAA rules, including release according to individual access requests, and under HIPAA authorizations.

When substance use disorder treatment information is involved, first you need to understand how to identify it. We will discuss how to make it distinguishable from “regular” health information, so that the appropriate extra protections can be provided. You may be able to use functions in your EHR to flag the information, or you may create a manual process for tracking the information, if it is rarely handled in your organization. And the substance use disorder treatment information you collect may or may not be under SAMHSA depending on whether or not you have a department or even a response team that specializes in SAMHSA-related situations. You need to understand your status under the rules before you release information inappropriately. We will discuss what qualifies as treatment that falls under SAMHSA.

If your organization provides services that create information that is under the SAMHSA regulations, you will need to establish the consent and release of information processes that are required to be followed for information releases under 42 CFR Part 2. This involves getting the proper consents upon establishment of the relationship, as well as managing consents for releases that may be necessary after the initial establishment of the relationship. The session will include an explanation of the consent and release requirements that must be followed.

When you release information under HIPAA, there are no special notices required to be placed on the records. But when you release information under SAMHSA, each document must have a notice that explains that re-disclosure is not permitted without a new consent. Complicating matters are updated rules going into effect that will allow a consent that permits a re-release to a defined team of providers caring for the individual, but then require meticulous documentation of to whom the information has been released under such a consent. The session will go over the rules on consents and re-release of information.

With the current epidemic of opioid abuse, there has been a great deal of publicity around the release of information and the necessity to share information with family and friends to facilitate recovery, but the rules remain in place as is. HIPAA allows such releases under some circumstances, while a consent is required under 42 CFR Part 2. HHS has issued guidance on how to deal with the regulations in the face of the crisis, but the inconsistencies and difficulties remain. In this session we will review the guidance and learn how it helps explain some of the


In addition, the session will review the processes used for and some of the enforcement settlements reached in the reporting of breaches under HIPAA, as well as proposals to further harmonize HIPAA and 42 CFR Part 2, including the levying of HIPAA-level penalties for violations of the Part 2 rules. The latest proposals to modify the Part 2 rules and their potential impacts will be discussed.

Overall, substance use disorder treatment information can complicate your records management and release processes, but by recognizing and planning for the issues, you can minimize the impacts.

Why should you Attend: Today we are in the midst of an epidemic of substance use disorders, and particularly opioid abuse, and more and more providers are involved in providing treatment to people with substance use disorders. When substance use disorders are involved, the rules of SAMHSA under 42 CFR Part 2 come into play. But who is covered under the rules, what’s involved in meeting them, and how do they interact with HIPAA? HIPAA allows a number of disclosures, for treatment, payment, and healthcare operations purposes, without consent from the individual being


SAMHSA rules, on the other hand, require consent for every disclosure or re-disclosure, and if the proper consents aren’t obtained, the provider can be in violation of the rules and subject to


Not every provider that treats a person with substance abuse issues automatically falls under the SAMHSA rules, and not all mental health information is necessarily substance abuse information. How do you know whether or not your services put you under the SAMHSA regulations? If you are under 42 CFR Part 2, how do you identify and keep separate the substance abuse information?

When a provider receives health information about an individual, under HIPAA the provider may re-disclose the information as needed for treatment, payment, and healthcare operations purposes. Information may be received, however, that has a special notice on it about re-disclosure, requiring consent from the individual before re-disclosure. Even though you may not operate under SAMHSA rules, you have obligations to respect the SAMHSA consent requirements. How can you make sure information is only shared appropriately and is not released contrary to the rules?

Areas Covered in the Session:

What HIPAA allows, what SAMHSA requires, and the differences will be explained
We will examine how to determine if the services you provide place you under 42 CFR Part 2
We will explore the means for making sure substance use disorder treatment information receives the appropriate protections
The consent and release requirements under 42 CFR Part 2 will be explained
Re-release of information released under 42 CFR Part 2 will be discussed
Sharing of information with family and friends in an overdose incident will be explored
The latest guidance from the US Department of Health and Human Services on harmonization of SAMHSA and HIPAA will be explained
Enforcement of the rules and the handling of breaches of information will be explained

Who Will Benefit:
Compliance Director
Privacy Officer
Security Officer
Information Systems Manager
HIPAA Officer
Chief Information Officer
Health Information Manager
Healthcare Counsel/Lawyer
Office Manager

Speaker Profile
Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.

Price – $299

Contact Info:
Netzealous LLC – MentorHealth
Phone No: 1-800-385-1607
Fax: 302-288-6884
Email: [email protected]
Website: http://www.mentorhealth.com/
Webinar Sponsorship: https://www.mentorhealth.com/control/webinar-sponsorship/
Follow us on : https://www.facebook.com/MentorHealth1
Follow us on : https://www.linkedin.com/company/mentorhealth/
Follow us on : https://twitter.com/MentorHealth1

Event Details

Registration is closed for this event.

Maurice Gilbert

Maurice Gilbert founded Corporate Compliance Insights in December 2008 to further the discussion and professional knowledge exchange of important, forward-thinking corporate governance, risk and compliance topics.
