2020 has been a big year. From the viral pandemic, to the economic shutdown and resultant armed protests, to an uptick in racial violence and the resultant protests and then the resultant severe government response, to increases in drug overdose deaths.
It can feel impossibly overwhelming to try to keep track of every change or significant event that’s taken place this year. But if you’re an addiction treatment patient, particularly if you are utilizing medications for opioid use disorder, there has been one quiet set of changes that you should definitely be aware of.
When the Coronavirus Aid, Relief, and Economic Security Act passed (CARES Act) in March, it included changes to 42 CFR Part 2 of the Social Security Act, the part that covers privacy protections for substance use disorder patients. Passed as a rider to the CARES Act titled the Protecting Jessica Grubb’s Legacy Act, the changes move SUD patient privacy closer to general HIPAA regulations by removing the consent requirements for information re-disclosure. Previously, patients had to consent each and every time their protected health records were shared or discussed with another provider. This meant that if a patient signed a consent for her buprenorphine prescriber to discuss her scripts with her psychiatrist, her psychiatrist would require a specific, explicit consent before discussing her buprenorphine information with, say, a primary care physician.
Now, once a patient signs consent, that information can be re-shared into perpetuity. It may sound like a relatively small change, but it essentially means that all SUD information can be shared without a patient’s knowledge. Many patients have to sign consent forms to their insurance provider, for example, or so that their methadone prescriber can communicate with their endocrinologist or anesthesiologist or any number of other providers. Now, that information can continue being shared for as vague a reason as “healthcare administration.”
Some patients hear this and say, “well, hey, at least we have HIPAA.” But in fact, the Health Insurance Portability and Accountability Act (HIPAA) doesn’t really work the way people think it does. As explained to TalkPoverty by Danielle Tarrino, president and CEO of Young People In Recovery and a previous employee at the Department of Health and Human Services who, while there, drafted the 2017 revisions to 42 CFR Part 2, “HIPAA is not a [patient] privacy protection. It’s actually an authorization to share your info as broadly as a health care payor believes they need to share it, which I will tell you is very broad.”
Zac Talbott, president of the National Alliance for Medication Assisted Recovery (NAMA Recovery), said in the same article, “You’ll hear people say, ‘that violated HIPAA.’ Actually, it violates Part 2, and it’s now gone.”
In addition to this change, the Substance Abuse and Mental Health Services Administration (SAMHSA) also updated their rules under 42 CFR Part 2. This included permissions for opioid treatment providers to include patient records state prescription drug monitoring programs (PDMP). The PDMP exists to help regulate the prescribing of controlled substances like opioids. But many people feel it is a violation of their privacy and that it is used to engage in discrimination based on the substances a patient is prescribed. Law enforcement agencies have even sought and been granted access to PDMP databases, which becomes especially problematic when addiction patients are involved since addiction typically involves an illegal act under current U.S. law.
Prior to the SAMHSA update, which just took place in early July, opioid treatment providers were required to search for their patients in the PDMP to ensure they were not being prescribed any substances that could negatively interact with their methadone for example, but they could not add them to the database. Now these patients—who already face stigma in the form of criminalization, child removal, employment discrimination and more—are even more likely to face these consequences if their data is leaked through the PDMP or a records redisclosure.
Providers fear that patients will be less inclined to seek treatment knowing their information is not confidential.
“Why would I go to treatment if they are going to blab my business all over town? We have a conundrum: We want people to go to treatment, but we are going to discourage people from seeking treatment by telling them ‘your privacy is irrelevant,’” TalkPoverty quoted Westley Clark, Dean’s Executive Professor in the Department of Psychology at Santa Clara University and the former director of the Center for Substance Abuse Treatment (CSAT) within SAMHSA as saying.
If you are a patient and you are concerned about your privacy under the new rules under SAMHSA, patient advocacy groups like the National Alliance for Medication Assisted Recovery and others are continuing to lobby for better privacy protections. NAMA-R is accepting members and has local chapters in every state. You can also check with the Urban Survivor’s Union, and your local harm reduction agencies and ask about more ways to get involved in patient advocacy.