Checklist for Monitoring Alcohol and Other Drug Confidentiality Compliance
|
The Federal alcohol and other drug (AOD) confidentiality law requires covered programs to strictly maintain the confidentiality of AOD patient records. The law (42 U.S.C. § 290dd-2) and its accompanying regulations (42 C.F.R. Part 2, referred to in this guide as "the regulations" came about through Congress' recognition that safeguards on privacy serve the important purpose of encouraging persons to seek AOD dependence care by preventing the disclosure of information related to their AOD diagnosis and treatment, which could stigmatize them in their communities.
Although remarkably effective, the laws are also complex. Questions about which disclosures are and are not permissible sometimes confuse AOD treatment programs and the State agencies responsible for funding and evaluating them. This guideline is designed to alleviate some of that confusion. It provides an easy-to-use checklist that should enable the compliance personnel of both AOD programs and State and other government monitoring agencies to quickly determine whether complaints alleging a breach of patient confidentiality are justified under the Federal confidentiality law.
Two important caveats apply. First, this checklist should only be consulted to determine whether a prior disclosure complied with the law. It should not be consulted to determine whether to make a disclosure in the first instance. For such decisions, programs and State agency staff should consult more detailed analyses of the Federal regulations, such as that contained in the Legal Action Center's book, Confidentiality: A Guide to the Federal Law and Regulations. Because the checklist is written in summary form (hence its easy-to-use style), sole reliance on it could result in inadvertent breaches of the regulations.
The second caveat is that when using the checklist for its intended purpose–to evaluate whether prior communications complied with the law–compliance personnel should consult more detailed analyses in order to understand the nuances of the law. In short, the checklist provides a conceptual framework and the basic principles to guide compliance personnel. In complex cases, compliance personnel should consult a more comprehensive source.
The best way to use the guide is as follows. In all instances, consult Sections I and II first. Begin with Section I to determine whether the regulations even apply to the alleged confidentiality violation. For example, was the alleged breach by a "program" and about a "patient" as those terms are defined in the regulations? Second, consult Section II to determine whether a "disclosure" of patient-identifying information was made. Only after concluding that the regulations apply (Section I) and that a disclosure of patient-identifying information was made (Section II), will one need to consult Sections III-V to determine whether the disclosure was authorized under the regulations. Sections III: A–I cover nearly all of the rules (sometimes called "exceptions") that authorize AOD programs to disclose patient-identifying information. Compliance personnel first should consult those rules that most likely apply. If a rule applies, one need not go further. The communication was legal under the regulations. If a rule does not apply, consult other rules to see if they apply. Section III does not cover absolutely every rule in the regulations. For example, it omits discussion of the rules about reporting vital statistics (§ 2.15(b)) and central registries for methadone and detoxification programs (§ 2.34). Compliance personnel should consult the regulations directly for any rules not covered by this checklist. Section IV discusses search and arrest warrants, which are related to the discussion in Section IV–I. The two sections should be read in tandem. Finally, Section V discusses the regulations as they apply to persons who are not formally part of an AOD program but who nevertheless are bound by the regulations because they received patient-identifying information from an AOD program in circumstances authorized by the regulations.
Within each section and its subparts, there is a checklist that the user can follow to ascertain whether the disclosure complied with the law, followed by a summary of the rule.
In using the guide, bear in mind that in addition to the Federal law, many States may have laws and regulations that govern the confidentiality of AOD information. Make sure that you are familiar with such State laws; this guide does not incorporate them.
Most States also have laws governing the confidentiality of HIV-related information (HIV confidentiality is determined only by State law; there is no Federal HIV confidentiality law), as well as the confidentiality of mental health and medical records. This guide does not address those State laws. Thus, even if a disclosure complies with the Federal AOD confidentiality law, compliance personnel might also choose to determine whether the disclosure violates any State confidentiality laws (e.g., those pertaining to AOD, HIV, mental health, or medical records).
For instances in which a State's confidentiality law (AOD or otherwise) is more restrictive than the Federal law, a program must follow the stricter State law. For example, if a program has disclosed a patient's HIV status after the patient has signed a consent form that is proper under the Federal AOD confidentiality law, compliance personnel must also determine whether the State imposes any additional requirements for disclosing HIV-related information (e.g., a special HIV consent form).
For instances in which a State's confidentiality law or any other State law is less protective of confidentiality than the Federal law, however, the Federal law controls. For example, if a State law mandates a program to notify parents about certain conduct by minor patients, but the Federal regulations absolutely prohibit such disclosure, the program cannot make the disclosure; the Federal law controls. However, there is usually a way to disclose properly under the Federal law, for example, by obtaining patient consent or a court order that meets the Federal requirements. Accordingly, there is rarely an irreconcilable conflict with State law.
In addition, under 45 C.F.R. Part 96.132(e), States that receive Federal block grant funding for AOD treatment services, are required to:
| << Back | Table of Content | Next >> |