How Does the Opioids Bill Address Patient Consent, Medical Records?

September 26, 2018 - As efforts to address the opioid crisis and mental and behavioral health issues come to the forefront, as do questions of patient consent, privacy, and medical records access.

Specifically, impending legislation to address the opioid crisis has brought to light the issue of patient consent and medical records sharing between different providers.

The package of legislation awaits approval of both the House and Senate, and although many healthcare professionals laud its intentions to address the opioid crisis, some say it must do more to allow for care coordination between providers.

What are the current regulations for patient consent and medical records sharing? And for what are healthcare industry experts advocating? Below, PatientEngagementHIT.com outlines the issue of patient consent to medical records sharing, HIPAA regulations, and issues with the impending opioids bill.

What are current regulations?

Currently, most HIPAA policies treat all protected health information (PHI) the same, with some exceptions. Medical professionals may discuss PHI with other entities when the provider believes there are patterns of abuse, or that patients will harm themselves or others.

Providers may also discuss PHI with family members when there is adequate patient consent. With patient approval, providers may discuss issues with mental health medication adherence, some diagnoses, and other health-related information. Providers may not do this if the patient has expressed a preference for total privacy.

HIPAA does allow for some exceptions. For example, when a patient is incapacitated – either from bodily harm or an inability to make decisions due to drug or alcohol use – clinicians may discuss cases with family members. Under these regulations, providers can discuss the need for substance misuse treatment or opioid overdoses with family members, for example.

HIPAA also allows for participation from other providers.

“HIPAA permits health care providers to disclose to other health providers any protected health information (PHI) contained in the medical record about an individual for treatment, case management, and coordination of care and, with few exceptions, treats mental health information the same as other health information,” HHS notes on its website.

This kind of information includes medication prescription and monitoring, clinical test results, modalities of treatment.

Patient data sharing during the opioid crisis

The current opioid crisis has called into question HIPAA’s provisions for patient consent and medical records sharing as they pertain to behavioral and mental health issues. As more patients suffer from opioid misuse and substance use disorder, medical experts say better coordination of care between providers will be essential.

HIPAA does have some regulations for this level of data sharing. The law’s 42 CFR part 2 (known as Part 2) allows medical professionals to share PHI when it pertains to a patient’s substance misuse disorder. This regulation was developed in the 1970s in response to more patients seeking treatment for substance misuse disorder.

As opioid misuse disorder pervades the country, medical experts argue whether Part 2 goes far enough. To what extent should providers have ample access to a patient’s history with substance misuse disorder, and to what extent is patient consent and privacy still important?

Those questions became most salient as health policymakers debated inclusion of an expanded Part 2 provision in a recent package of legislation related to the opioids crisis. The package includes a series of bills aimed at improving patient access to treatment for opioid misuse disorder, and is expected to pass in the coming week.

Leading up to the bill’s vote, policymakers and industry experts alike debated the inclusion of Part 2 in the legislation. The House of Representatives’ version of the bill included Part 2, but the Senate version did not. Recently, a finalized version of the bill emerged without the Part 2 provisions.

This comes much to the chagrin of medical groups that believe better patient data sharing between providers could improve patient safety. Easier records sharing will allow different providers to make better decisions regarding care, some experts state. For example, if a doctor has access to medical records pertaining a patient’s history of opioid misuse, the doctor may choose a non-opioid pain management plan for the patient.

Not including an expanded Part 2 in the opioids package would limit those abilities, said a group of nearly 100 medical groups spearheaded by the American Hospital Association.

“Modifying Part 2 to ensure that HIPAA-covered entities have access to a patient’s entire medical record will improve patient safety, treatment and outcomes across the care delivery spectrum, enhancing the entire opioid package,” the organizations said in a letter leading up to the bill’s Senate and House reconciliation.

Supporters of the Senate’s move that that expanding Part 2 would step on patient privacy rights.

This is not to say medical groups are not pleased with the legislation overall. Many industry experts, including the AHA, acknowledge that the legislation promotes better patient access to care and use of non-opioid pain management. However, AHA and others argue that the bill does not go far enough.

Final votes on the opioid package are expected soon, with policymakers expecting this bill to pass.