Providers, electronic health-record developers and health information exchange operators are still waiting for new regulations or guidance on electronically handling highly sensitive behavioral health information.
A year ago, the Substance Abuse and Mental Health Services Administration held a national listening session on possibly updating its rule that protects patients of federally funded drug- and alcohol-treatment centers.
The rule is seen by some as a barrier to interoperability of healthcare information systems, which could impair provider organizations from successfully transitioning from fee-for-service to outcomes-based reimbursements with population-health-based care-delivery mechanisms such as accountable care organizations.
Patient advocates, however, say patient consent, a key aspect of the law, is a much needed barrier to more liberal sharing of patient information to induce many otherwise reluctant behavioral health patients to seek treatment.
The listening session itself, held last June, drew mixed testimony about whether the government should liberalize access to behavioral health information covered by the law, known as 42 CFR Part 2, or stand firm with its protections that are far more stringent that those under the Health Insurance Portability and Accountability Act privacy rule, which covers the disclosure of most patient healthcare records.
Kate Tipping, public health adviser at SAMHSA and its expert on the issue, said the agency intends to issue a rule or guidance before President Barack Obama leaves office in 2017.
The agency has received more than 700 comments from the listening session.
"We reviewed them and we had discussions internally at SAMHSA and we're talking with the departments on what our next steps will be," Tipping said.
"For the most part, folks were supportive of looking at the regulations and updating them," she said. "We did have a handful that did say that the laws and the regulations should be repealed and we should just use HIPAA. There was agreement that Part 2 is a barrier to sharing” and ACOs.
The law requires a patient's written consent each time their medical records are shared with other providers, even for treatment, payment and other healthcare operations. Since a 2002 rule revision by HHS, HIPAA no longer requires a patient's consent before disclosing his or her records for those uses.
The federal government, including SAMHSA and the Office of the National Coordinator for Health Information Technology, has worked on a technological fix to the problem, called Data Segmentation for Privacy, or DS4P.
A workgroup advising the ONC previously recommended that the government begin including the technology in its testing and certification of EHR systems. Earlier this week, however, that panel reversed itself and said the technology wasn't ready to be folded into the $30 billion incentive program for EHRs.