Confidentiality law: Time for change? | Behavioral Healthcare Executive Skip to content Skip to navigation

Confidentiality law: Time for change?

April 1, 2010
by Renée M. Popovits, JD
| Reprints
Proposal seeks to address limits of current confidentiality law and create stronger legal protection for substance use treatment information

In 1972, Congress adopted The Federal Confidentiality of Alcohol and Drug Abuse Patient Records law (now codified at 42 USC 290dd-2), reflecting its concern that individuals not be made more vulnerable as a result of seeking treatment for a substance use disorder. In the eyes of addiction treatment patients and their families, the fear and reality of stigma and discrimination remain just as real today as they were in 1972. As a result, we must continue to take exceptional care to protect the privacy of those seeking treatment.

As general counsel to a number of addiction treatment organizations, I work with front-line clinicians who manage the complexity of the confidentiality law every day in countless forms: court orders, requests from prosecuting attorneys and law enforcement, subpoenas for civil actions (divorce, child custody, employment), insurance claims, government benefit programs, families, and many more.

These treatment providers face difficult legal and ethical dilemmas in responding to these many requests. We constantly strategize about how to legally disclose, or refuse to disclose, patient information within the framework of existing law. As a result of this experience, I believe the confidentiality law and regulations could be improved to include-among a variety of other amendments-explicit, limited data-sharing exceptions with a series of patient protections that do not exist under current law.

I consider such exceptions and protections essential for treatment providers struggling to cope with the unforeseen technological advances of recent years and the new demands and opportunities offered by the historic reforms involving parity and national healthcare. The consequence of these advances will be greater coordination of health services delivered by multiple providers, accomplished in part through implementation of electronic health records (EHRs), which make it possible to electronically transmit a critical subset of a patient's vital information from one provider to another in the event the patient requires care.

It is with the future in mind, a future of “interoperable” EHRs containing patient data, that I suggest the need for limited data sharing exceptions and expanded patient protections. Here is why: The existing confidentiality law clearly allows release of substance use treatment information to healthcare providers only under two circumstances: when a patient decides what information may be disclosed and specifically authorizes this disclosure in the form of written consent (as specified by 42 CFR 2.31), or in cases of medical emergency (42 CFR 2.51).

While some privacy advocates believe this protection should be maintained, many medical experts, including physicians, contend that non-medical professionals and patients may not understand or recognize how the restriction of certain information might impact a course of testing, diagnosis, treatment, and plan of care. They assert that the restriction in current law blocks communication of relevant and essential information impacting the cost and quality of care. Potentially, it reduces patient safety and could jeopardize patients' lives because it limits the ability of healthcare providers and health plans to:

  • Conduct outreach to people who may be receiving duplicative or inappropriate treatment;

  • Coordinate care of persons who may be at significant risk;

  • Identify medications or other treatments that may be contraindicated; and

  • Diagnose and treat underlying health conditions or avoid treatments that exacerbate such conditions.

To aid treatment providers in complying with requests for relevant information, supporting coordinated care, and maintaining strict confidentiality of patient substance use treatment information, a group of diverse stakeholders have commenced discussion to address the statute's shortcomings.

Concerns about current confidentiality laws

In my 20 years' experience as a legal counsel to treatment centers nationwide and in training work involving thousands of counselors and administrators, I have observed that although many understand the intent of current confidentiality law and regulations, few appreciate their complexity and limitations. Below is a partial list of my most significant concerns.

Concern 1: Current law only protects addiction treatment information in certain settings. Confidentiality requirements for substance use disorder treatment information apply only when that information is contained in a record held by a federally assisted “program.” In other words, addiction treatment information given in a general hospital, emergency room, physician office, federally qualified health center, or rural clinic generally would not be protected.

Under 42 CFR 2.11, the information is only protected under the regulations if: (a) An individual or entity (other than a general medical care facility) holds itself out as providing, and provides, alcohol or drug abuse diagnosis, treatment, or referral for treatment; (b) is an identified unit within a general medical facility that holds itself out as providing, and provides, alcohol or drug abuse diagnosis, treatment, or referral for treatment; or (c) is medical personnel or other staff in a general medical care facility whose primary function is the provision of alcohol or drug abuse diagnosis, treatment, or referral for treatment and who are identified as such providers. See 42 CFR 2.12(e)(1) for specific examples of applicability of the regulations.