This blog is part of our celebration of National Health IT Week. Here, Associate Professor of Health Information Management Maggie Foley explores the evolving challenge of securing patient health information relating to substance use disorders.

Health informatics professionals continually work to ensure health information is secure, private, accurate and available where and when needed.

The need to share and secure information for the coordination of healthcare service is of particular importance for patients with substance use disorders (SUD). Patients with SUD not only experience higher rates of physical illnesses including cardiovascular disease and diabetes, they often have heightened privacy concerns regarding the sensitive nature of their health information.  

Earlier this year, revisions to the federal regulations governing the confidentiality of substance abuse records (42 CFR Part 2) became effective. Given that these federal regulations were implemented in 1975 and last substantially revised in 1987, updated regulations were greatly needed to facilitate electronic information exchange within new health care models while still addressing the privacy concerns of patients seeking treatment for a substance use disorder.   

Many called for the modernization of 42 CFR Part 2 out of a concern that the regulation served as a barrier to the integration of substance use disorder treatment and physical health care.  In addition to revising the federal SUD confidentiality regulations, the Office of the National Coordinator for Health Information Technology (ONC) and the Substance Abuse and Mental Health Services Administration (SAMHSA) have engaged in various initiatives to promote the safe and secure exchange of health data to integrate primary care and behavioral health treatment. 

One such initiative from these collaborative efforts of the ONC and SAMHSA was the development of an open-source health IT solution, Consent2Share, which can assist SUD providers in managing the more rigorous 42 CFR requirements for patient consent while sharing substance use disorder information as needed for patient care. 

Effectively managing health information that requires greater privacy protections requires the ability for data segmentation within a record and consent management tools. Subject matter expertise is needed beyond that of technical requirements for an infrastructure to support data segmentation and exchange.  Subject matter experts are needed to evaluate value sets (e.g., SNOMED and ICD-10-CM codes) and to develop definitions of sensitive data categories for an organization. Guidance to assist with many of these challenges is available from the ONC. 

Ideally, techniques and tools implemented to comply with the federal regulations related to SUD information will also be employed for any type of health information a patient may view as sensitive due to greater risks in the event of disclosure such as discrimination, social stigma and physical harm. 

Maggie Foley is an associate professor of health information management in the Department of Health Services Administration and Policy.