Ethical & Confidentiality Issues in SUD Treatment

Sherry Larkins, Ph.D.
UCLA Integrated Substance Abuse Programs
Training Roadmap


What are the ethical issues we face as
providers?
What are the confidentiality issues we
face as providers? How does integrated
care affect client confidentiality? How do
HIPAA, 42 CFR-part 2, and state
confidentiality policies influence
practice?
Changing Landscape of SUD Tx.
 ACA and other regulations are moving SUD Tx. toward
more coordinated and integrated care.
 SUD tx. will be delivered in a variety of different
settings, including mental health and PC facilities.
 One perceived barrier to care integration = the
laws/policies that govern SUD, MH and PC treatment
differ (42 CFR vs. HIPAA)
 This may affect how providers share information with
others who may be involved with client care.
 Integrated care entities will require access to
SUD info to provide best care.
Discussion:
 What are some examples of ethical issue in
a substance abuse program that you have
experienced? Witnessed?
Ethics

Ethics codes = laws that guide professionals in
helping clients in a fair, respectable, objective,
and humane way

Personal values guide moral conduct
appropriate for work settings

Understanding the connection between law
and ethics and feeling a responsibility to
integrate both appropriately
Ethics
 Ethical behavior requires a familiarity with laws, and
the profession’s philosophy and code of ethics.
 Sensitivity to the moral dimensions of counseling
and your personal principles
 Understanding your agencies policies and
procedures for client services (conflict of interest,
referrals, chain of command, roles, responsibilities)
Professional Boundaries
 The emotional and physical line that gives our
clients space to focus on themselves - not on us.
 The limits that control the professional’s power
so that clients are not hurt.
 The parameters that keep the professional as
objective as possible.
Professional Boundaries
 Provider’s responsibility to maintain
professional boundaries:




Set proper limits
Maintain a treatment focus
Be aware of thoughts/feelings generated
by the client, or about the client
Seek supervision – know what to do with
these feelings.
What Type of Relationship?
•Social/Friendship
•Business/Bartering
•Gift-giving
•Romantic/Sexual
Handling clients who want a
different type of relationship
• Set firm limits
• Explain why you are setting the limits
• Try not to be rejecting as you set clear limits
Sexual Relationships:
Legal and Ethical Issues
 Illegal in all 50 states to ever engage in any form of sexual contact
with a client
 Sexual contact can include: intercourse, oral sex, fondling, any
other kind of sexual touching, nudity, kissing, spanking, verbal
suggestions, innuendoes, or advances.
 Considered exploitation by healthcare professional
 Damage to Client’s mental health
 Loss of trust in helping professions
 Loss of objectivity to provide appropriate tx.
 Client focus is on counselor rather than his/her tx.
 New code allows for client-counselor relations 5 years after
termination of professional relationship.
THINGS TO CONSIDER?
 What is your goal in providing the client with





information?
What will the information mean to the client?
Are you sending confusing messages?
Are you sure that it is meeting a client need and not a
personal need?
Is there another way to accomplish your goal without
personal disclosure?
Are you okay with EVERYONE in the clinic knowing the
information?
ACTIVITY:
•How do you respond?
• Have you ever been in a gang?
• Are you married?/Have a boy/girlfriend?
• Do you have children?
• Have you ever used drugs?
• What kind of drugs did you use?
• Are you in recovery?
• What part of town do you live in?
• How old are you?
• Do you make a lot of money?
• How much do they pay you here?
Confidentiality
 Important legal and ethical responsibility
 Preserving privacy fosters trust and
encourages help-seeking behavior.
 Balance between a patient’s legitimate desire
to maintain privacy of sensitive information
and permitting the sharing of information that
will improve treatment or public health
or safety.
Confidentiality in SUD Treatment
Involves:
 HIPAA
 42 CFR, part 2
 State-based confidentiality policies

Additional Protections for HIV infection, DV, genetics, etc
 Not meant to prevent info-sharing.
 Federal laws are a baseline; states may adopt more strict
regulations.
 State laws vary widely, presenting challenges for
developing unified policy solutions across states
 Also difficult for technology vendors to develop
functionality.
Confidentiality in SUD Treatment
Questions:
 How does 42 C.F.R., Part 2 relate to other laws,
such as HIPAA and State-specific confidentiality
laws?
 Who has to follow 42 C.F.R., Part 2? What
information does it protects?
 What disclosures are allowable and prohibited by
42 C.F.R., Part 2? By HIPAA
 What precautions need to be taken when sharing
information across agencies?
20
HIPAA
 Health Insurance Portability and Accountability Act of
1996
 Protects health coverage for workers/families when
they change/lose their job.
 Gives privacy and security of PHI (Protected Health
information)
 Administrative simplification – a way to standardize
information sharing within a complex healthcare
system.
 Establishes national standards for electronic health
care transactions; sets minimum privacy protections
What is Protected Health Information
(PHI)?
2 Components
 Identifies the client
 Health Information
 Any information that is oral, written, electronic,
created or received by health care provider, health
plan, public health authority, employer, insurer, or
others.
 Relating to past, present or future physical or mental
health status, health care, and payment for such
services.
42 U.S. Code 290dd
42 CFR Part 2
 Regulations governing confidentiality of alcohol and
drug abuse patient records
 First issued 1975, revised 1987
 Designed to help deal with the stigma of addiction
 Imposes restrictions upon disclosure of PHI for clients
enrolled in any federally-assisted alcohol and drug
abuse program
 Requires notification of confidentiality, consent
forms, prohibition of re-disclosure
Confidentiality in Substance
Abuse Treatment Settings
Confidentiality is necessary because without
that guarantee, many individuals with
substance abuse problems would be reluctant
to participate fully in treatment
26
Examples of 42 C.F.R., Part 2
Programs
 Free-standing alcohol/drug treatment programs
 Student Assistance Programs in a school
 PCP whose provision of these services is their
principal practice
 Employee Assistance Programs
 Medical personnel or other staff in a general
medical care facility whose primary function is the
provision of alcohol/drug diagnosis, treatment, or
referral for treatment; or as part of a specific unit
within general medical facility identified as
providing these services.
General Rule of “Disclosures”
 A Program covered by 42 CFR, part 2 may ONLY
release information or records that will directly or
indirectly identify a client as a substance abuser or
treatment patient:
 With a knowing and written CONSENT from the
participant, AND
 Other EXCEPTIONS(explained below)
42 C.F.R. Part 2 Allowable “Disclosures”
 Written authorization/
Consent
 Qualified Service
Organization
 Internal communication
(“need to know”)
 No patient-identifying
information
 Medical emergency
 Audit/evaluation/
research
 Crimes (or threats of) on
program premises or
against program
personnel
 Initial reports of suspected
child abuse or neglect
 Court order meeting
specifications of 42
Allowable Disclosures:
Written Authorization/Consent
 Consent must include:
 Name of Program making disclosure;
 Name and title of individual or org. permitted to receive info.;
 Name of patient;
 Purpose of disclosure;
 How much & what kind of info. will be disclosed;
 Signature of Patient and date of Consent; wet/fax/scan/copy OK
 Statement of Patient’s Right to Revoke and Rules of Redisclosure
 Date of Expiration (Governed by State Law - No longer than 1 Yr)
34
34
Allowable Disclosures:
Qualified Service Organization
(QSO)
 Definition: An Organization that provides services to a
program, such as:
 data processing; Electronic Medical Records – info exchange
 Holding/Storing patient data
 dosage preparation; laboratory analyses
 bill collecting
 legal, medical, accounting, or other professional services
Source: 42 CFR § 2.11
36
36
Allowable Disclosures:
Qualified Service Organization
(QSO)
 A written agreement with a program under which that
person:
 (1) Acknowledges that in receiving, storing, processing or
otherwise dealing with any patient records from the
programs, it is fully bound by these regulations; and
 (2) If necessary, will resist in judicial proceedings any efforts
to obtain access to patient records except as permitted by
these regulations.
Source: 42 CFR § 2.11
37
37
Allowable Disclosures:
Internal Communications
 May disclose patient-identifying information without
consent within a program IF the recipient needs the info to
provide alcohol / drug services.
 If program is part of a larger multi-service organization,
disclosure of info can only be made to personnel involved in
records, billing, or direct clinical care of patient.
 Cannot be shared with program or agency personnel who
do not need it in specific connection to their duties.
Source: 42 CFR § 2.11
38
38
Allowable Disclosures:
Medical Emergency
 Disclosure (and redisclosure) of patient-identifying info is
permitted to medical personnel -but not family- if patient is
experiencing a medical emergency.
 Documentation of disclosure must occur immediately
afterward:
Name of medical personnel and healthcare facility to who
disclosure was made;
Name of individual making disclosure; date & time
Nature of Medical Emergency
Source: 42 CFR § 2.11
40
40
Allowable Disclosures:
Audit/Evaluation/Research
 Program can disclose patient-identifying info. without
consent:
 Researchers – But they are prohibited from using it for any
other purpose or from redisclosing it except back to the
program (data/report must be de-identified).
 Auditor/Evaluator – May only use info for program audit and
eval and redisclose only back to program; govt. agency
overseeing Medicare/Medicaid audit; or court during a
program (not a patient) investigation.
Source: 42 CFR § 2.11
41
41
Allowable Disclosures:
Crimes on Program Premises/Against
Program Personnel
 If a crime is committed, or threatened, on
program premises or against program
personnel, staff may disclose identifying
information including:
 suspect’s name, address, last known whereabouts,
and status as a patient in the program.
 Duty to warn – Governed by State Laws (see
below).
Source: 42 CFR § 2.11
42
42
Allowable Disclosures:
Crimes on Program Premises –
What about “Duty to Warn?”
 “Duty to Warn” refers to an obligation to alert others
(e.g. law enforcement) when someone threatens to
commit a future crime, or confesses to a past crime.
 Governed by State Law
 Tarasoff v. Regents of U. of CA; other states do not require
warning (e.g. HI, more permissive) .
 There are ways to warn without violating 42 C.F.R.,
Part 2
 Anonymous or non-patient identifying report
 Court order (“extremely” serious crime) Source: 42
CFR § 2.11
43
43
Allowable Disclosures:
Child/Elder Abuse
 Reporting of Child Abuse/Neglect and Elder Abuse
are governed by State Laws.
 42 C.F.R., Part 2 allows for initial report and written
confirmation of the report.
 BUT, does not permit programs to disclose records
and patient-identifying information for an on-going
investigation, without a Court Order.
Source: 42 CFR § 2.11
44
44
Allowable Disclosures:
Court Order
 A court may issue a special court order authorizing a program
disclose patient-identifying info, but must follow special
procedures.
 Before issuing order, court must: Provide notice to patient &
program, and provide opportunity for patient/program to make
oral or written statement to the court.
 Must have “good cause” for the disclosure. “Good cause” is
defined as:
 Public interest and need for disclosure outweigh an adverse effect
disclosure will have on Patients, Doctor-Patient Relationship,
Effectiveness of Program Services.
 No alternative way of getting the information.
Bottom Line:
 Confidentiality laws, regulations and policies do
not preclude the sharing of information for care
coordination, as long as proper written consents
are in place.
 Confidentiality concerns should not stop
addiction, mental health or primary care
providers from providing quality care to patients.
 Instead of viewing confidentiality as a barrier,
focus on educating clients on info sharing to
ensure better quality services and
communication between providers.
TIPS on Confidentiality and
Disclosure
 The client’s rights and the limits of confidentiality should be
explained at the beginning of treatment.
 Educate patients about informed consent and the importance of
information sharing among all of the HC providers at the time of
treatment.
 Respect decision of patients who opt out of info. sharing
 Information should only be released with the client’s or
guardian’s permission; client information should not be
communicated outside of the treatment team.
 Implement use of routine consent forms that include each
necessary organization or provider, state/federal regs., signed.
 Encourage patients to expect communication, collaboration,
shared tx. plans and joint decision-making.
51
PRACTICAL SAFEGUARDS
 What are some practices you do to ensure
that Protected Health Information (PHI) is
secured?
PRACTICAL SAFEGUARDS
 Do not leave papers containing PHI lying around where
others can see them
 At end of workday – clear desk or other exposed areas of
PHI and place I secure location (file, cabinet, desk
drawer).
 Do not talk about patient PHI in public areas
 If you take work home don’t leave it in a place accessible
to people not agency employees, keep locked in a
briefcase or in car/trunk.
HIPAA vs. 42 C.F.R., Part 2
 The laws cover a lot of the same material.
 Some points of difference – more specific or more
recent rule usually applies.
 For the SUD Treatment providers, in most cases the
rules of 42 CFR Part 2 are more stringent
 In some cases HIPAA is more stringent.
Re-disclosure of Information
 HIPAA is silent on this topic.
 42 C.F.R., Part 2 requires that a statement prohibiting re-
disclosure accompanies the patient information that is
disclosed.
SUD/AOD providers must follow 42 C.F.R., Part 2.
Disclosures to Other Providers
 HIPAA allows, but does not require, programs to make
disclosures to other healthcare providers without
authorization.
 42 CFR Part 2 limits this to medical emergencies.
SUD/AOD providers must follow 42 C.F.R., Part 2.
Medical Emergencies
 HIPAA allows health care providers to inform family
members of the individual’s location and condition
without consent in emergency circumstances or if a
person is incapacitated.
 42 CFR Part 2 limits this disclosure to medical personnel
ONLY.
SUD/AOD providers must follow 42 C.F.R., Part 2.
Disclosure to Public Health
 HIPAA permits disclosure to a public health authority for
disease prevention or control, or to a person who may
have been exposed to or at risk of spreading a disease or
condition.
 42 C.F.R., Part 2 prohibits these disclosures unless there is
an authorization, court order, or the disclosure is done
with out revealing patient information.
SUD/AOD providers must follow 42 CFR Part 2; BUT
California state laws compel notification.
Right to Access Records
 HIPAA REQUIRES a covered program to give an individual
access to his/her own health information (with few
exceptions).
 42 CFR Part 2 gives programs DISCRETION to decide
whether to permit patients to view or obtain copies of
their records, unless they are governed by a state law that
gives right to access.
SUD/AOD providers must follow HIPAA.
HITECH
 In 2009, the American Recovery and Reinvestment Act of
2009 (ARRA) was signed into law.
 Health Information Technology for Economic and Clinical
Health Act (HITECH) – was a key part of ARRA.
 Expanded and changed some regulations to promote the
adoption and meaningful use of health information
technology.
 HITECH Act addresses the privacy and security concerns
associated with the electronic transmission of health
information and electronic medical records.
The role of Health IT
 HIT enables integrated tx. by linking programs, services
and providers
 HIT can help providers:
 Communicate and collaborate between providers and






programs
Track progress of those who leave a program
Reduce redundancy between programs and providers
Increase delivery of Evidence-based care
Extend the efficiency of the workforce.
Increased accessibility to health records raises questions of
how to ensure pt. confidentiality and trust.
Functionality to promote integrated care while protecting
privacy and confidentiality.
Thank You!
Sherry Larkins, Ph.D.
UCLA – Integrated Substance Abuse Programs
larkins@ucla.edu