2020 has been a big year. From the viral pandemic, to the economic shutdown and resultant armed protests, to an uptick in racial violence and the resultant protests and subsequent severe government response, to increases in drug overdose deaths.
It can feel impossible to try to keep track of every change or significant event that’s taken place this year. But if you’re an addiction treatment patient, there has been one quiet set of changes that you should definitely be aware of. Particularly if you are taking medications for opioid use disorder.
A little known effect of the CARES Act.
When the Coronavirus Aid, Relief, and Economic Security Act passed (CARES Act) in March, it included changes to 42 CFR Part 2 of the Social Security Act. This is the part that covers privacy protections for substance use disorder patients. These changes were passed as a rider to the CARES Act titled the Protecting Jessica Grubb’s Legacy Act. This rider move SUD patient privacy closer to general HIPAA regulations by removing the consent requirements for information re-disclosure. Previously, patients had to consent each and every time their protected health records were shared or discussed with another provider. This meant that if a patient signed a consent for her buprenorphine prescriber to discuss her scripts with her psychiatrist, her psychiatrist would require a specific, explicit consent before discussing her buprenorphine information with, say, a primary care physician.
Now, once a patient signs consent, that information can be re-shared into perpetuity. It may sound like a relatively small change, but it’s not. It essentially means that all SUD information can be shared without a patient’s knowledge. Many patients have to sign consent forms to their insurance provider, for example. Or so that their methadone prescriber can communicate with their endocrinologist or anesthesiologist or any number of other providers. Now, that information can continue being shared for as vague a reason as “healthcare administration.”
HIPAA doesn’t protect your privacy like you think.
Some patients hear this and say, “Well, hey. At least we have HIPAA.” But in fact, the Health Insurance Portability and Accountability Act (HIPAA) doesn’t really work the way people think it does. Danielle Tarrino explains this in TalkPoverty. She is president and CEO of Young People In Recovery, and a previous employee at the Department of Health and Human Services. While at the DHHS, she drafted the 2017 revisions to 42 CFR Part 2. She says, “HIPAA is not a [patient] privacy protection. It’s actually an authorization to share your info as broadly as a health care payor believes they need to share it, which I will tell you is very broad.”
Zac Talbott, president of the National Alliance for Medication Assisted Recovery (NAMA Recovery), said in the same article, “You’ll hear people say, ‘that violated HIPAA.’ Actually, it violates Part 2, and it’s now gone.”
SAMHSA update allows greater access to databases.
In addition to this change, the Substance Abuse and Mental Health Services Administration (SAMHSA) also updated their rules under 42 CFR Part 2. This included permissions for opioid treatment providers to include patient records to state prescription drug monitoring programs (PDMP). The PDMP exists to help regulate the prescribing of controlled substances like opioids. But many people feel it is a violation of their privacy, and that it is used to discriminate based on the substances a patient is prescribed. Law enforcement agencies have even sought and been granted access to PDMP databases. This becomes especially problematic when addiction patients are involved, since addiction typically involves an illegal act under current U.S. law.
Prior to the SAMHSA update, which just took place in early July, opioid treatment providers were required to search for their patients in the PDMP to ensure they were not being prescribed any substances that could negatively interact with their methadone, for example. But they could not add them to the database. These patients already face stigma in the form of criminalization, child removal, employment discrimination and more. They are even more likely to face these consequences if their data is leaked through the PDMP or a records redisclosure.
What is the impact of these changes?
Providers fear that patients will be less inclined to seek treatment, knowing their information is not confidential.
“Why would I go to treatment if they are going to blab my business all over town? We have a conundrum: We want people to go to treatment, but we are going to discourage people from seeking treatment by telling them ‘your privacy is irrelevant,’” TalkPoverty quoted Westley Clark, Dean’s Executive Professor in the Department of Psychology at Santa Clara University and the former director of the Center for Substance Abuse Treatment (CSAT) within SAMHSA as saying.
If you are a patient and you are concerned about your privacy under the new rules under SAMHSA, patient advocacy groups like the National Alliance for Medication Assisted Recovery and others are continuing to lobby for better privacy protections. NAMA-R is accepting members and has local chapters in every state. You can also check with the Urban Survivor’s Union or your local harm reduction agencies. Ask them about more ways to get involved in patient advocacy.