The basics of 42 CFR Part 2 following the 2017 and 2018 revisions

Richard Chapman (richard.chapman@uky.edu) is Chief Privacy Officer and Litany Webster (litany.webster@uky.edu) is Corporate Compliance Manager at UK HealthCare in Lexington, KY.

42 CFR Part 2 (Part 2) was enacted in 1975 to protect the confidentiality of patient records related to substance use disorder treatment from applicable Part 2 programs. The purpose of Part 2’s additional confidentiality safeguards is to reduce the risk of harmful consequences for individuals who seek treatment, such as loss of employment, prosecutions and incarceration, health treatment discrimination, and child custody issues if the patient’s treatment record is not protected.[1] From 1987 to 2017, the regulation remained substantially unchanged. However, amidst criticism that the regulation was no longer in tune with the current state of modern healthcare, the regulation was updated in 2017 and 2018 with the goal to better align it with the Health Insurance Portability and Accountability Act (HIPAA), the modern integrated healthcare model, and electronic health information exchanges (HIE).

These revisions left intact the overarching purpose of Part 2. Providing a complete overview of Part 2 and the 2017–2018 revisions would take several articles. Accordingly, the purpose of this article is to provide a foundational understanding of the fundamentals of 42 CFR Part 2. This article will discuss Part 2’s use and disclosure restrictions, how to determine Part 2 program applicability, disclosure consent form requirements, notice prohibiting re-disclosure, and security policy and procedure requirements for electronic health records.

This document is only available to members. Please log in or become a member.
 


Would you like to read this entire article?

If you already subscribe to this publication, just log in. If not, let us send you an email with a link that will allow you to read the entire article for free. Just complete the following form.

* required field