In 1972, Congress adopted The Federal Confidentiality of Alcohol and Drug Abuse Patient Records law (now codified at 42 USC 290dd-2), reflecting its concern that individuals not be made more vulnerable as a result of seeking treatment for a substance use disorder. In the eyes of addiction treatment patients and their families, the fear and reality of stigma and discrimination remain just as real today as they were in 1972. As a result, we must continue to take exceptional care to protect the privacy of those seeking treatment.
As general counsel to a number of addiction treatment organizations, I work with front-line clinicians who manage the complexity of the confidentiality law every day in countless forms: court orders, requests from prosecuting attorneys and law enforcement, subpoenas for civil actions (divorce, child custody, employment), insurance claims, government benefit programs, families, and many more.
These treatment providers face difficult legal and ethical dilemmas in responding to these many requests. We constantly strategize about how to legally disclose, or refuse to disclose, patient information within the framework of existing law. As a result of this experience, I believe the confidentiality law and regulations could be improved to include--among a variety of other amendments--explicit, limited data-sharing exceptions with a series of patient protections that do not exist under current law.
I consider such exceptions and protections essential for treatment providers struggling to cope with the unforeseen technological advances of recent years and the new demands and opportunities offered by the historic reforms involving parity and national healthcare. The consequence of these advances will be greater coordination of health services delivered by multiple providers, accomplished in part through implementation of electronic health records (EHRs), which make it possible to electronically transmit a critical subset of a patient's vital information from one provider to another in the event the patient requires care.
It is with the future in mind, a future of "interoperable" EHRs containing patient data, that I suggest the need for limited data sharing exceptions and expanded patient protections. Here is why: The existing confidentiality law clearly allows release of substance use treatment information to healthcare providers only under two circumstances: when a patient decides what information may be disclosed and specifically authorizes this disclosure in the form of written consent (as specified by 42 CFR 2.31), or in cases of medical emergency (42 CFR 2.51).
While some privacy advocates believe this protection should be maintained, many medical experts, including physicians, contend that non-medical professionals and patients may not understand or recognize how the restriction of certain information might impact a course of testing, diagnosis, treatment, and plan of care. They assert that the restriction in current law blocks communication of relevant and essential information impacting the cost and quality of care. Potentially, it reduces patient safety and could jeopardize patients' lives because it limits the ability of healthcare providers and health plans to:
* Conduct outreach to people who may be receiving duplicative or inappropriate treatment;
* Coordinate care of persons who may be at significant risk;
* Identify medications or other treatments that may be contraindicated; and
* Diagnose and treat underlying health conditions or avoid treatments that exacerbate such conditions.
To aid treatment providers in complying with requests for relevant information, supporting coordinated care, and maintaining strict confidentiality of patient substance use treatment information, a group of diverse stakeholders have commenced discussion to address the statute's shortcomings. …