The changes presented in the Substance Use Disorder (SUD) Confidentiality Final Rule may require an immediate update of the agreements between the health plan or employer and service providers who receive information about the treatment of SUD. A definitive rule, published by the Substance Abuse and Mental Health Service Administration (SAMHSA) in January 2018, implemented new changes to federal rules regarding the confidentiality and disclosure of SUD patient records, known as 42 CFR Part 2 or ”Part 2.” This South-South privacy rule maintains important patient protection provisions, including compliance requirements, and expands the way information on substance use disorders can be transmitted to patients for payment purposes or for healthcare operations. there are certain necessary elements of a BAA, such as (1) the counterparty`s definition of permitted and necessary uses and disclosures of IHP; (2) provide that the counterparty does not use or disclose the information differently from that authorized by the BAA or otherwise prescribed by law; and (3) request the counterparty to take appropriate security measures to prevent the unauthorized use or disclosure of IHP. [vi] There are additional best practices that can be recommended by your lawyer for managing a covered company`s relationship with its business partners, for example. B the inclusion of a disclaimer for the agency relationship and the inclusion of languages that do not indicate that the agreement is not intended for the benefit of third parties. If you work for a covered company that has some form of federal support and provides drug abuse services that meet the criteria of a program under the Drug and Alcohol Secrecy Act – that is, the covered company ”claims that it offers and offers diagnoses, treatments, or transfers of alcohol or drug abuse for treatment (42 CFR, Part 2, 2.11)”1, you must consider this federal law, if you are writing your counterparty agreements. This can be done by integrating the qualified service organisation agreement into the counterparty agreement and by ensuring that aspects of the counterparty agreement are not contrary to the terms of the qualified services agreement. This agreement is very short, but comprehensive and is as follows: all potential agreements must be reviewed in order to determine whether a qualified service organization/counterparty agreement is authorized after 42 CFR, Part 2. For example, no agreement can be signed with law enforcement or other drug or alcohol treatment programs that provide patients with the same services as the drug and alcohol treatment program that initiates the agreement. Counterparty agreements for processing, payment and exploitation purposes are not necessary in accordance with the data protection rule. Once you are sure that a counterparty agreement is appropriate, it may be useful to start with a standard counterparty agreement form that generally meets your needs, for example.B. the form available on the Civil Rights Office (OCR) website under www.hhs.gov/ocr/hipaa. If you don`t have patients protected by other, stricter federal or state laws protecting their data protection rights, you may be able to comply with the OCR agreement and fill in the gaps.
[vi] www.hhs.gov/hipaa/for-professionals/covered-entities/sample-business-associate-agreement-provisions/index.html However, since addiction treatment programs cannot disclose protected health information without authorization for treatment, payment, and operation, a qualified service organization agreement can only be authorized with a mental health provider as an alternative to patient authorization. . . .