If the considered rule change happens, proponents of these care plans could have broader access to the medical records of patients of drug and alcohol abuse programs without those patients' consent. That will help healthcare providers afford those patients better coordinated, higher quality and more cost efficient care, these proponents say.
Opponents of the rule change warn, however, without the law's current stringent consent requirements, drug and alcohol abuse patients will avoid seeking treatment, out of concern their stigmatizing and or illegal activity will be exposed, a situation the rule, created in the 1970s, sought to avoid.
“I think what will happen is you'll see some people who will be in substance abuse treatment either won't get it or will stop confiding as much as they do in their therapist,” said Jim Pyles, a Washington privacy lawyer who testified last week on behalf of the American Psychoanalytic Association and in favor of maintaining a stringent federal privacy rule covering these patient records.
A federal regulatory advisory panel last Tuesday accepted recommendations from its privacy workgroup that would put off until 2017 the introduction of some narrow and largely voluntary privacy protection criteria under the electronic health-record incentive payment program of the American Recovery and Reinvestment Act of 2009. The policy recommendations are for technology to protect the privacy of behavioral health patient information. The federal privacy workgroup, the Privacy and Security Tiger Team, has been looking at certain privacy protection technology since 2010. But it has not recommended that the feds put a regulatory stake in the ground, telling developers of electronic health-record systems and information exchange systems that they should add this technology to their own systems, or encouraging healthcare providers to incorporate the technology in their workflows.
On Wednesday, the Substance Abuse and Mental Health Services Administration, in a day-long listening session, heard conflicting testimony on whether it should consider modifying the federal privacy rule, 42 CFR Part 2, covering the transmission and sharing of medical records of many drug and alcohol abuse patients.
Many “general” healthcare providers aren't using substance-abuse treatment data because they don't have the technology to help them handle it efficiently and in compliance with the law.
But if SAMHSA continues its unflagging support for the special rule for handling substance abuse information, it may force technology developers to incorporate privacy-protecting technology into their systems, and induce providers to use it, affording better protection for all healthcare data, privacy advocates say. If the rule is weakened, however, that technology may never be rolled out.
Finally, on Thursday came the news that privacy advocate Joy Pritts, the first chief privacy officer at the Office of the National Coordinator for Health Information Technology at HHS, would be stepping down after 4 ½ years on the job.
Pritts praised an early implementation of data segmentation technology for behavioral health demonstrated by EHR developer Cerner Corp. at this year's Health Information and Management Systems Society, adding her hope that “other vendors follow that lead.” The concern, expressed by several privacy advocates bemoaning her July departure, is that her successor— unknown at this pivotal moment—might not be as stalwart an advocate for patients' rights and data segmentation technology as Pritts has been.
Development and adoption of the technical capabilities to affix so-called “meta-data tags” to patient records—which also would aid in interoperability and research as well as privacy protection—was urged by the President's Council of Advisors on Science and Technology in 2010 and by the JASON, a group of top scientists working for the Agency for Healthcare Research and Quality, this April.
SAMHSA, itself, sponsored one of six ONC “Data Segmentation for Privacy” pilot projects to test the technology. But the agency is under considerable pressure to ease regulatory restrictions on the flow of this data, rather than hold firm and press the industry to adopt technology that will help providers comply with the consent provisions of 42 CFR Part 2.
Either way, SAMHSA's decision will likely have a wider impact on privacy protections than the scope of that rule now.
Follow Joseph Conn on Twitter: @MHJConn