Proposed rule seeks to align two federal laws governing confidentiality, disclosure of patient records

ADA offers comments to benefit patients

The ADA filed comments Jan. 31 on a proposed rule to better align the requirements of two federal laws governing the confidentiality and disclosure of patient records.

The two federal laws are the Health Insurance Portability and Accountability Act of 1996, which governs what covered heath care providers must do to protect the confidentiality of patient health records, and the confidentiality rules under Part 2 of Title 42 of the Code of Federal Regulations, which protects the confidentiality of information of federally funded substance use disorder treatment providers.

In a Jan. 31 letter to the Department of Health and Human Services’ Office for Civil Rights, ADA President George R. Shepley, D.D.S., and Executive Director Raymond Cohlmia, D.D.S., said the Association supports efforts to align the two laws “but only to the extent that doing so will benefit patients.”

The ADA asked OCR to do the following in order to better clarify the laws:

• Exempt non-Part 2 providers from having to comply with changes to the HIPAA Notice of Privacy Practices, except in cases where the provider has knowingly received or expects to receive Part 2 records.
• Ease the compliance burden on non-Part 2 providers and those with electronic record systems that are not capable of segmenting Part 2 data.
• Exempt providers who are not covered by HIPAA from being penalized for using or disclosing Part 2 records that a HIPAA-covered entity could have made without penalty.
• Simplify and clarify the statements to be required in a revised notice of privacy practices and provide sample language and comprehensive guidance well in advance of the effective date.
• Do not require HIPAA-covered entities to notify individuals that a patient has a right to inspect and obtain copies of protected health information at limited cost, or in some cases free of charge.
• Protect against dual liability under HIPAA and Part 2.
• Prohibit Part 2 programs from sharing Part 2 records with non-Part 2 providers unless such records are critical to the patient’s care.
• Require Part 2 programs to give health care providers adequate written notice well in advance of sharing any Part 2 record.
• Establish an effective date of no less than one year after publication of the final rule, and a compliance date of no less than one year after the effective date.
• Not require the name and email address of the designated privacy officer be disclosed in a publicly available document.
• Not change the current notice of privacy practices header requirement.
• Not require HIPAA covered entities to imply in their notices of privacy practices that all privacy practices are subject to the notice of privacy practices.
• Modify the proposed notice of privacy practices language from “…provided that such terms are not material or contrary to law…” to “…provided that such changes are not contrary to law”.
• Eliminate the requirement to obtain an individual’s written acknowledgment of receipt of a direct treatment provider’s notice of privacy practices.

Follow all of the ADA’s advocacy efforts at