Sherry Larkins, Ph.D. UCLA Integrated Substance Abuse Programs Training Roadmap What are the ethical issues we face as providers? What are the confidentiality issues we face as providers? How does integrated care affect client confidentiality? How do HIPAA, 42 CFR-part 2, and state confidentiality policies influence practice? Changing Landscape of SUD Tx. ACA and other regulations are moving SUD Tx. toward more coordinated and integrated care. SUD tx. will be delivered in a variety of different settings, including mental health and PC facilities. One perceived barrier to care integration = the laws/policies that govern SUD, MH and PC treatment differ (42 CFR vs. HIPAA) This may affect how providers share information with others who may be involved with client care. Integrated care entities will require access to SUD info to provide best care. Discussion: What are some examples of ethical issue in a substance abuse program that you have experienced? Witnessed? Ethics Ethics codes = laws that guide professionals in helping clients in a fair, respectable, objective, and humane way Personal values guide moral conduct appropriate for work settings Understanding the connection between law and ethics and feeling a responsibility to integrate both appropriately Ethics Ethical behavior requires a familiarity with laws, and the profession’s philosophy and code of ethics. Sensitivity to the moral dimensions of counseling and your personal principles Understanding your agencies policies and procedures for client services (conflict of interest, referrals, chain of command, roles, responsibilities) Professional Boundaries The emotional and physical line that gives our clients space to focus on themselves - not on us. The limits that control the professional’s power so that clients are not hurt. The parameters that keep the professional as objective as possible. Professional Boundaries Provider’s responsibility to maintain professional boundaries: Set proper limits Maintain a treatment focus Be aware of thoughts/feelings generated by the client, or about the client Seek supervision – know what to do with these feelings. What Type of Relationship? •Social/Friendship •Business/Bartering •Gift-giving •Romantic/Sexual Handling clients who want a different type of relationship • Set firm limits • Explain why you are setting the limits • Try not to be rejecting as you set clear limits Sexual Relationships: Legal and Ethical Issues Illegal in all 50 states to ever engage in any form of sexual contact with a client Sexual contact can include: intercourse, oral sex, fondling, any other kind of sexual touching, nudity, kissing, spanking, verbal suggestions, innuendoes, or advances. Considered exploitation by healthcare professional Damage to Client’s mental health Loss of trust in helping professions Loss of objectivity to provide appropriate tx. Client focus is on counselor rather than his/her tx. New code allows for client-counselor relations 5 years after termination of professional relationship. THINGS TO CONSIDER? What is your goal in providing the client with information? What will the information mean to the client? Are you sending confusing messages? Are you sure that it is meeting a client need and not a personal need? Is there another way to accomplish your goal without personal disclosure? Are you okay with EVERYONE in the clinic knowing the information? ACTIVITY: •How do you respond? • Have you ever been in a gang? • Are you married?/Have a boy/girlfriend? • Do you have children? • Have you ever used drugs? • What kind of drugs did you use? • Are you in recovery? • What part of town do you live in? • How old are you? • Do you make a lot of money? • How much do they pay you here? Confidentiality Important legal and ethical responsibility Preserving privacy fosters trust and encourages help-seeking behavior. Balance between a patient’s legitimate desire to maintain privacy of sensitive information and permitting the sharing of information that will improve treatment or public health or safety. Confidentiality in SUD Treatment Involves: HIPAA 42 CFR, part 2 State-based confidentiality policies Additional Protections for HIV infection, DV, genetics, etc Not meant to prevent info-sharing. Federal laws are a baseline; states may adopt more strict regulations. State laws vary widely, presenting challenges for developing unified policy solutions across states Also difficult for technology vendors to develop functionality. Confidentiality in SUD Treatment Questions: How does 42 C.F.R., Part 2 relate to other laws, such as HIPAA and State-specific confidentiality laws? Who has to follow 42 C.F.R., Part 2? What information does it protects? What disclosures are allowable and prohibited by 42 C.F.R., Part 2? By HIPAA What precautions need to be taken when sharing information across agencies? 20 HIPAA Health Insurance Portability and Accountability Act of 1996 Protects health coverage for workers/families when they change/lose their job. Gives privacy and security of PHI (Protected Health information) Administrative simplification – a way to standardize information sharing within a complex healthcare system. Establishes national standards for electronic health care transactions; sets minimum privacy protections What is Protected Health Information (PHI)? 2 Components Identifies the client Health Information Any information that is oral, written, electronic, created or received by health care provider, health plan, public health authority, employer, insurer, or others. Relating to past, present or future physical or mental health status, health care, and payment for such services. 42 U.S. Code 290dd 42 CFR Part 2 Regulations governing confidentiality of alcohol and drug abuse patient records First issued 1975, revised 1987 Designed to help deal with the stigma of addiction Imposes restrictions upon disclosure of PHI for clients enrolled in any federally-assisted alcohol and drug abuse program Requires notification of confidentiality, consent forms, prohibition of re-disclosure Confidentiality in Substance Abuse Treatment Settings Confidentiality is necessary because without that guarantee, many individuals with substance abuse problems would be reluctant to participate fully in treatment 26 Examples of 42 C.F.R., Part 2 Programs Free-standing alcohol/drug treatment programs Student Assistance Programs in a school PCP whose provision of these services is their principal practice Employee Assistance Programs Medical personnel or other staff in a general medical care facility whose primary function is the provision of alcohol/drug diagnosis, treatment, or referral for treatment; or as part of a specific unit within general medical facility identified as providing these services. General Rule of “Disclosures” A Program covered by 42 CFR, part 2 may ONLY release information or records that will directly or indirectly identify a client as a substance abuser or treatment patient: With a knowing and written CONSENT from the participant, AND Other EXCEPTIONS(explained below) 42 C.F.R. Part 2 Allowable “Disclosures” Written authorization/ Consent Qualified Service Organization Internal communication (“need to know”) No patient-identifying information Medical emergency Audit/evaluation/ research Crimes (or threats of) on program premises or against program personnel Initial reports of suspected child abuse or neglect Court order meeting specifications of 42 Allowable Disclosures: Written Authorization/Consent Consent must include: Name of Program making disclosure; Name and title of individual or org. permitted to receive info.; Name of patient; Purpose of disclosure; How much & what kind of info. will be disclosed; Signature of Patient and date of Consent; wet/fax/scan/copy OK Statement of Patient’s Right to Revoke and Rules of Redisclosure Date of Expiration (Governed by State Law - No longer than 1 Yr) 34 34 Allowable Disclosures: Qualified Service Organization (QSO) Definition: An Organization that provides services to a program, such as: data processing; Electronic Medical Records – info exchange Holding/Storing patient data dosage preparation; laboratory analyses bill collecting legal, medical, accounting, or other professional services Source: 42 CFR § 2.11 36 36 Allowable Disclosures: Qualified Service Organization (QSO) A written agreement with a program under which that person: (1) Acknowledges that in receiving, storing, processing or otherwise dealing with any patient records from the programs, it is fully bound by these regulations; and (2) If necessary, will resist in judicial proceedings any efforts to obtain access to patient records except as permitted by these regulations. Source: 42 CFR § 2.11 37 37 Allowable Disclosures: Internal Communications May disclose patient-identifying information without consent within a program IF the recipient needs the info to provide alcohol / drug services. If program is part of a larger multi-service organization, disclosure of info can only be made to personnel involved in records, billing, or direct clinical care of patient. Cannot be shared with program or agency personnel who do not need it in specific connection to their duties. Source: 42 CFR § 2.11 38 38 Allowable Disclosures: Medical Emergency Disclosure (and redisclosure) of patient-identifying info is permitted to medical personnel -but not family- if patient is experiencing a medical emergency. Documentation of disclosure must occur immediately afterward: Name of medical personnel and healthcare facility to who disclosure was made; Name of individual making disclosure; date & time Nature of Medical Emergency Source: 42 CFR § 2.11 40 40 Allowable Disclosures: Audit/Evaluation/Research Program can disclose patient-identifying info. without consent: Researchers – But they are prohibited from using it for any other purpose or from redisclosing it except back to the program (data/report must be de-identified). Auditor/Evaluator – May only use info for program audit and eval and redisclose only back to program; govt. agency overseeing Medicare/Medicaid audit; or court during a program (not a patient) investigation. Source: 42 CFR § 2.11 41 41 Allowable Disclosures: Crimes on Program Premises/Against Program Personnel If a crime is committed, or threatened, on program premises or against program personnel, staff may disclose identifying information including: suspect’s name, address, last known whereabouts, and status as a patient in the program. Duty to warn – Governed by State Laws (see below). Source: 42 CFR § 2.11 42 42 Allowable Disclosures: Crimes on Program Premises – What about “Duty to Warn?” “Duty to Warn” refers to an obligation to alert others (e.g. law enforcement) when someone threatens to commit a future crime, or confesses to a past crime. Governed by State Law Tarasoff v. Regents of U. of CA; other states do not require warning (e.g. HI, more permissive) . There are ways to warn without violating 42 C.F.R., Part 2 Anonymous or non-patient identifying report Court order (“extremely” serious crime) Source: 42 CFR § 2.11 43 43 Allowable Disclosures: Child/Elder Abuse Reporting of Child Abuse/Neglect and Elder Abuse are governed by State Laws. 42 C.F.R., Part 2 allows for initial report and written confirmation of the report. BUT, does not permit programs to disclose records and patient-identifying information for an on-going investigation, without a Court Order. Source: 42 CFR § 2.11 44 44 Allowable Disclosures: Court Order A court may issue a special court order authorizing a program disclose patient-identifying info, but must follow special procedures. Before issuing order, court must: Provide notice to patient & program, and provide opportunity for patient/program to make oral or written statement to the court. Must have “good cause” for the disclosure. “Good cause” is defined as: Public interest and need for disclosure outweigh an adverse effect disclosure will have on Patients, Doctor-Patient Relationship, Effectiveness of Program Services. No alternative way of getting the information. Bottom Line: Confidentiality laws, regulations and policies do not preclude the sharing of information for care coordination, as long as proper written consents are in place. Confidentiality concerns should not stop addiction, mental health or primary care providers from providing quality care to patients. Instead of viewing confidentiality as a barrier, focus on educating clients on info sharing to ensure better quality services and communication between providers. TIPS on Confidentiality and Disclosure The client’s rights and the limits of confidentiality should be explained at the beginning of treatment. Educate patients about informed consent and the importance of information sharing among all of the HC providers at the time of treatment. Respect decision of patients who opt out of info. sharing Information should only be released with the client’s or guardian’s permission; client information should not be communicated outside of the treatment team. Implement use of routine consent forms that include each necessary organization or provider, state/federal regs., signed. Encourage patients to expect communication, collaboration, shared tx. plans and joint decision-making. 51 PRACTICAL SAFEGUARDS What are some practices you do to ensure that Protected Health Information (PHI) is secured? PRACTICAL SAFEGUARDS Do not leave papers containing PHI lying around where others can see them At end of workday – clear desk or other exposed areas of PHI and place I secure location (file, cabinet, desk drawer). Do not talk about patient PHI in public areas If you take work home don’t leave it in a place accessible to people not agency employees, keep locked in a briefcase or in car/trunk. HIPAA vs. 42 C.F.R., Part 2 The laws cover a lot of the same material. Some points of difference – more specific or more recent rule usually applies. For the SUD Treatment providers, in most cases the rules of 42 CFR Part 2 are more stringent In some cases HIPAA is more stringent. Re-disclosure of Information HIPAA is silent on this topic. 42 C.F.R., Part 2 requires that a statement prohibiting re- disclosure accompanies the patient information that is disclosed. SUD/AOD providers must follow 42 C.F.R., Part 2. Disclosures to Other Providers HIPAA allows, but does not require, programs to make disclosures to other healthcare providers without authorization. 42 CFR Part 2 limits this to medical emergencies. SUD/AOD providers must follow 42 C.F.R., Part 2. Medical Emergencies HIPAA allows health care providers to inform family members of the individual’s location and condition without consent in emergency circumstances or if a person is incapacitated. 42 CFR Part 2 limits this disclosure to medical personnel ONLY. SUD/AOD providers must follow 42 C.F.R., Part 2. Disclosure to Public Health HIPAA permits disclosure to a public health authority for disease prevention or control, or to a person who may have been exposed to or at risk of spreading a disease or condition. 42 C.F.R., Part 2 prohibits these disclosures unless there is an authorization, court order, or the disclosure is done with out revealing patient information. SUD/AOD providers must follow 42 CFR Part 2; BUT California state laws compel notification. Right to Access Records HIPAA REQUIRES a covered program to give an individual access to his/her own health information (with few exceptions). 42 CFR Part 2 gives programs DISCRETION to decide whether to permit patients to view or obtain copies of their records, unless they are governed by a state law that gives right to access. SUD/AOD providers must follow HIPAA. HITECH In 2009, the American Recovery and Reinvestment Act of 2009 (ARRA) was signed into law. Health Information Technology for Economic and Clinical Health Act (HITECH) – was a key part of ARRA. Expanded and changed some regulations to promote the adoption and meaningful use of health information technology. HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information and electronic medical records. The role of Health IT HIT enables integrated tx. by linking programs, services and providers HIT can help providers: Communicate and collaborate between providers and programs Track progress of those who leave a program Reduce redundancy between programs and providers Increase delivery of Evidence-based care Extend the efficiency of the workforce. Increased accessibility to health records raises questions of how to ensure pt. confidentiality and trust. Functionality to promote integrated care while protecting privacy and confidentiality. Thank You! Sherry Larkins, Ph.D. UCLA – Integrated Substance Abuse Programs larkins@ucla.edu