Skip to main content
PMC home page
NIHPA Author Manuscripts logoLink to NIHPA Author Manuscripts
. Author manuscript; available in PMC: 2020 Feb 1.
Published in final edited form as: J Subst Abuse Treat. 2018 Nov 19;97:41–46. doi: 10.1016/j.jsat.2018.11.005

Interpretation and Integration of the Federal Substance Use Privacy Protection Rule in Integrated Health Systems: A Qualitative Analysis

Aimee N C Campbell a, Dennis McCarty b, Traci Rieckmann c, Jennifer McNeely d, John Rotrosen e, Li-tzy Wu f, Gavin Bart g
PMCID: PMC6310476  NIHMSID: NIHMS1514470  PMID: 30577898

Abstract

Background:

Federal regulations (42 CFR Part 2) provide special privacy protections for persons seeking treatment for substance use disorders. Primary care providers, hospitals, and health care organizations have struggled to balance best practices for medical care with adherence to 42 CFR Part 2, but little formal research has examined this issue. The aim of this study was to explore institutional variability in the interpretation and implementation of 42 CFR Part 2 regulations related to health systems data privacy practices, policies, and information technology architecture.

Methods:

This was a cross-sectional qualitative study using purposive sampling to conduct interviews with privacy/legal officers (n =17) and information technology specialists (n = 10) from 15 integrated healthcare organizations affiliated with three research nodes of the National Institute on Drug Abuse (NIDA) National Drug Abuse Treatment Clinical Trials Network (CTN). Trained staff completed a short survey and digitally recorded semi-structured qualitative interview with each participant. Interviews were transcribed and coded within Atlas.ti. Framework analysis was used to identify and organize key themes across selected codes.

Results:

Participants voiced concern over balancing patient safety with 42 CFR Part 2 privacy protections. Although similar standards of protection regarding release of information outside of the health system was described, numerous workarounds were used to manage intra-institutional communication and care coordination. To align 42 CFR Part 2 restrictions with electronic health records, health systems used sensitive note designation, “break the glass” technology, limited role-based access for providers, and ad hoc solutions (e.g., provider messaging).

Conclusions:

In contemporary integrated care systems, substance-related EHR records (e.g., patient visit history, medication logs) are often accessible internally without specific consent for sharing despite the intent of 42 CFR Part 2. Recent amendments to 42 CFR Part 2 have not addressed information sharing needs within integrated care settings.

Keywords: addiction, health information technology, privacy, integrated care, qualitative research

1. INTRODUCTION

The opioid epidemic has brought substance use disorders (SUDs) to greater public attention. Multiple government agencies, the U.S. Surgeon General (Office of the Surgeon General, 2016) and the President’s Commission on Combatting Drug Addiction and the Opioid Crisis (Christie et al., 2017) have called for increased access to treatment. These efforts coincide with increased recognition that SUDs are medical conditions whose identification and treatment must be integrated into general medical practice (Fiellin & O’Connor, 2002; Fiellin et al., 2008). Federal regulations, however, complicate efforts to integrate treatment for SUD within general medical settings(McCarty, Rieckmann, Baker, & McConnell, 2017).

In 1972, Section 42 Part 2 was adopted in the Code of Federal Regulations (42 CFR Part 2) to protect the privacy of persons seeking and obtaining treatment for SUD and to prevent the unauthorized disclosure of personal information to police and other authorities. The rule prohibited entities (defined as units or personnel in general medical or addiction specialty settings whose “primary function is the provision of alcohol or drug abuse diagnosis, treatment or referral for treatment and who are identified as such providers”) from disclosing medical records related to that care without express and specific consent (some exceptions exist for emergency situations). When enacted, there was little need to communicate outside standalone addiction treatment settings, and specific consents for information sharing were easily managed. Since the initial passage and subsequent revisions of 42 CFR Part 2 in 1992, 2017, and 2018, however, there has been a gradual mainstreaming of SUD care into general medical settings and broad implementation of electronic health records (EHR).

The Mental Health Parity and Addiction Equity Act of 2008 required commercial health plans to manage benefits for behavioral health services the same as they manage other medical conditions. The Affordable Care Act of 2010 extended health insurance benefits to millions of uninsured Americans, increasing access to and demand for SUD services (Abraham et al., 2017; Buck, 2011). Additionally, the Health Information Technology for Economic and Clinical Health (HITECH) Act of 2009 mandated that all medical and behavioral health records become electronic and that practitioners make “meaningful use” of this information to enhance quality of care. Thus, over the past 10 years there have been significant changes in who can access SUD care, how it is paid for, and how records are maintained.

The Substance Abuse and Mental Health Services Administration (SAMHSA) has worked to better align 42 CFR Part 2 with contemporary health systems and EHRs. It amended the regulation in January 2017 (SAMHSA, 2017) and January 2018 (SAMHSA, 2018). This triggered intense debate (Knopf, 2017) with support for the revisions coming from health providers and organizations such as the American Society of Addiction Medicine, the National Association of Addiction Treatment Providers, and the National Association of State Alcohol and Drug Abuse Directors. SUD advocacy groups, including the Legal Action Center, the American Association for the Treatment of Opioid Dependence, and the National Council on Alcoholism & Drug Dependence, however, raised concern over changes that are seen as limiting patient protections. See public comments at https://www.regulations.gov/docket?D=HHS-OS-2016–0005. Both sides deploy legal opinion and interpretation to buttress their argument, but few data are available to inform the debate.

Compliance with 42 CFR Part 2 has been a source of confusion to health systems. Providers remain uncertain about when the rule applies and burdened by perceived barriers to coordinating care between general medical and SUD providers (McCarty et al., 2017; Schaper, Padwa, Urada, & Shoptaw, 2016). Little is known about the institutional variability in how 42 CFR Part 2 is interpreted or in how EHRs are structured to implement these interpretations (Barnett & Connery, 2018). The aim of this study is to explore institutional variability in the interpretation and implementation of 42 CFR Part 2 regulations related to health systems data privacy practices, policies, and information technology architecture.

2. MATERIAL AND METHODS

2.1. Participants

The study team included research “nodes” participating in the National Institute on Drug Abuse (NIDA) National Drug Abuse Treatment Clinical Trials Network (CTN) from Minnesota, New York and Oregon. In 2016–2017, each node recruited a purposive sample from affiliated SUD specialty programs and health care organizations (N=15) to participate in a qualitative study. To be included, organizations had to provide both general medical and SUD care. Respondents held the position of a privacy officer/general counsel (or equivalent) (n=17) or information technology/EHR specialist (or equivalent) (n=10). To be selected for participation, they needed to be authorized to create or interpret institutional policy related to patient privacy, or involved in shaping the architecture or privacy controls within the EHR. The Institutional Review Board at each node reviewed the protocol and either approved it or deemed it exempt from IRB review. All respondents provided verbal consent prior to completing study procedures.

2.2. Assessment

The single research visit consisted of a brief survey and semi-structured interview. The survey collected demographic and professional (i.e., sex, race/ethnicity, job title, length of time at organization, familiarity with and training on 42 CFR Part 2) and organizational characteristics (i.e., number of full-time equivalent employees, setting type [e.g., teaching hospital, HMO], EHR software).

Interviews ranged from 20 to 62 minutes (M=38 minutes, SD=11 minutes), were conducted in person when possible (n=24) or by phone when needed (n=3), and were digitally recorded and transcribed. In all but one case legal and IT respondents were interviewed separately. Seven organizations contributed both a legal officer and IT specialist, 6 organizations only legal officers, and 2 organizations only IT specialists. Each respondent was offered $100 for completing the visit.

Semi-structured interview guides were developed through discussion with the protocol development team (including all coauthors). Interviewers (AC, DM, TR, GB) completed a brief training on qualitative interviewing skills and discussion of the purpose and meaning of questions on the interview guide. The interview guide consisted of five main question domains (e.g., current experience with 42 CFR Part 2 and interpreting 42 CFR Part 2 in the context of state regulations); interview probes were used to further explore responses.

2.3. Data Analysis

De-identified transcribed interviews were uploaded to Atlas.ti for data management (Scientific Software Development GmbH, Berlin). Atlas.ti allows for text segments to be identified by codes. A qualitative interview codebook designed to capture major themes was developed based on the interview guides, with additional codes added as needed. The study team (AC, GB, TR, JL) coded, discussed, and achieved consensus on the first three interviews and remaining interviews were coded by two team members (AC, JL). Framework analysis, a systematic method for organizing and sorting coded text by case and themes, was constructed and used for data analysis (Gale, Heath, Cameron, Rashid, & Redwood, 2013; Ritchie & Spencer, 1994). Direct quotes were used to retain respondents’ voices and connections to the transcripts.

3. RESULTS

3.1. Respondent and Organizational Characteristics

The participating organizations included four community health centers, three medical school-affiliated health systems, two health maintenance organizations, two specialty addiction programs with primary care services, an integrated health system, a health IT collaborative, a comprehensive health system, and a public hospital system. Organization size varied from 215 to more than 45,000 full-time employees (median=5,714). Epic(n=7) and EClincialWorks (n=2) were the most common electronic health software. More than half of the respondents were women (56%). Their 42 CFR Part 2 training was typically informal or individually sought (e.g., webinars, training/consultation with Legal Action Center), with the exception of standard organizational orientations at the time of hire. Self-reported familiarity with 42 CFR Part 2 was moderate, with legal respondents reporting slightly greater familiarity (M=5.6, SD=0.72) compared to IT respondents (M=5.0, SD=1.05; on a scale of 1=“not at all” to 7=“extreme”).

3.2. Primary Themes

Four primary themes emerged in the interpretation and implementation of 42 CFR Part 2 regulations: 1) need to balance patient healthcare and safety versus privacy, 2) internal versus external disclosures, 3) ambiguity around the definition of “a federally assisted program”, and 4) implementation of 42 CFR Part 2 within EHRs. These themes reflect both salient experiences and recurrent respondent comments.

3.2.1. Healthcare and safety versus privacy

Respondents struggled to adhere to 42 CFR Part 2 regulations while at the same time placing patient safety and care in the forefront.

“I think there’s just the concern that if we were to restrict some things, we run the risk of not having all the appropriate information in order to treat the patient.” [109, IT]

A legal officer spoke about the burden of trying to adhere to the regulations and promote safe patient care.

“Our addiction medicine people were very adamant to say, ‘We need to figure out a way.’ Because we could’ve said, you know, this whole getting the authorization is just too much work – we’ll just shut it down so they can’t see it. And the physicians were very adamant, the addiction medicine ones the most, to say [other providers] have to have access to this information. We need to put this process in place so they can do it, otherwise our patients in addiction medicine are not safe.” [208, Legal]

Another legal officer, who was also a physician, felt more comfortable tipping towards the side of patient care with less rigid adherence to the regulation.

“So for me as a physician, I’m not saying we’re running wild with this information, but I’m kind of acting like this is a medical disorder. I’m a physician. I’m treating it as a medical disorder. I appreciate it’s sensitive information, but at the same time I’m treating it along with all these other medical disorders and the law intending it to be like completely never accessed by people without all this extra, you know, signature, whatever, can be somewhat compromising to care overall.” [212, Legal]

At the same time, some respondents had a sense that only using standard privacy protections (i.e., HIPAA) might not be sufficient.

But as things continue to progress, I think that people are starting to realize that you have to share information for better patient outcomes. But there’s also a feeling that HIPAA is a little bit weak at times for making sure that information doesn’t get out, so it’s like a weird dynamic.” [202, Legal]

Organizations whose mission had shifted more towards integrated care perceived the sequestration of SUD data as counter to their mission.

Just to be fully transparent, there are clinicians that feel that the sequestration of data is actually important and it should be done, it should be kept confidential, so there are both sides of the argument even on the health side of the discussion and we just as an organization have literally said [to job applicants] that we’re not going to be able to bring you into our system because you’re not going to allow for the transition of information in the way that our organization works. Therefore, we’re not the right organization for you.” [204, IT]

In this sample, organizations, especially those with integrated health records or with a mission that includes fully integrated care, were more likely to talk about utilizing blanket consents to support equal treatment of patient records. This appears to be one way to manage 42 CFR Part 2 regulations, although it is unclear how well these consents work in practice or how well patients understand these agreements and what options they might have for disclosure. As one legal officer noted, the limits of technology pushed them to use a universal consent.

That we’ve had to have patients sign and say ‘I’m aware that my information’s going to be viewable by anyone who sees my medical records.’ Because there was just no way that we could cloak that. And so it was conditional on treatment that they allow us to do it because we couldn’t promise - we couldn’t engineer it so that it wasn’t viewable because our clinical record, didn’t have the technology at the time to do it.” [209, Legal]

3.2.2. Internal versus external information sharing

Respondents acknowledged concerns about sharing information based on the origin of data request. Much of this concern was based on sharing within an organization versus releasing information outside the organization. An information privacy director described it this way:

...so the difference being that if we’re going to release a CD [chemical dependency] treatment record outside […] we would get a written authorization from the patient. But if the patient is being treated [internally], we do some segregation of the record but it is available to a surgical unit or an ICU if they deem it necessary for the complete care of the patient. So we don’t require the written authorization of the patient if it’s needed for treatment within [the organization].” [106, Legal]

Another privacy officer summarized the designations for less or more oversight as follows:

I would say that if we’re going to be liberal, it is in the area of treatment, payment, and operations. If we’re going to be conservative it’s in all of the other categories which is research, law enforcement, health care oversight.” [108, Legal]

3.2.3. Definition of a “federally assisted program”

Respondents reported variability and confusion in how they operationalized the definition of a federally assisted program (i.e., who does the regulation apply).

“When you look at who of our providers would actually be a program, defined as a program under 42 CFR Part 2, I think there’s some room for creative interpretation of the guidelines.” [003, Legal]

Respondents described different ways of making the determination of what would be protected information, including any patient data that captures SUD treatment regardless of where, why or how it was collected. For example:

We’ll just look at the information and determine whether it’s somehow identifying people who are in substance abuse treatment programs. And then treat it as such. Treated as if they were under 42 CFR Part 2.” [103, Legal]

Others talked about designating certain providers or service delivery roles as SUD-related and applying the 42 CFR Part 2 designation to that provider in all practice settings throughout the organization (e.g., a provider who works part-time in addiction treatment is also considered federally assisted when seeing patients in primary care). Respondents also talked about a federally assisted program in the more traditional sense, as a dedicated program that provides SUD services. Inpatient units (e.g., medical, psychiatric) were discussed as not being considered federally assisted under 42 CFR Part 2, because it was too difficult to sequester SUD data on these units given that substance use consultation was an integral part of care.

“It depends on if you’re on inpatient or outpatient. If they’re inpatient anything that’s documented in the consult will be shared.” [102, IT]

In some cases, the confusion over what might be considered “federally assisted” resulted in applying the regulations too stringently in non-specialty medical care settings:

“But nevertheless we are doing assessments and [there] might be some diagnosis of chemical dependency and so, therefore, we figure [NAME OF CLINIC] does fall under that regulation [as federally assisted].” [104, Legal]

While others interpreted the regulations much more broadly (at least according to the revised 2017 rule).

“So if the primary care physician is providing any treatment for addiction medicine, writing prescriptions or whatever that might be, that would not be covered under 42 CFR.” [208, Legal]

3.2.4. Electronic health record implementation

Part of the balance between perceived clinical best practices and adherence to regulations had to do with handling specific types of patient data that were often not sequestered, either by design or because of technical limitations. Many described experiencing less-stringent protection or technical difficulty with narrative notes, appointment calendars, laboratory orders and results, medications, and problem lists. Additionally, patient visit history (“calendaring”), including SUD visits, lab values, medication lists, and diagnostic codes were commonly described as being available. A privacy officer described the dissonance created by the variability or inconsistency of what was sequestered:

I don’t know specifically about the lab notes, but I do know that the calendar, the scheduling is not behind the glass. And then the medications are not behind the glass. So one argument that has been made is that, well we’re kind of slicing and dicing what goes behind the glass but we have these other sort of exceptions where technically something probably is subject to Part 2 and should be uniquely protected. And what I’ve been told is that this was a compromise, that we put as much behind the glass as we could and we can’t make it totally perfect. [108, Legal]

An IT specialist shared a similar assessment of allowing some data in the EHR (e.g., diagnosis, medication lists) without explicit consent, summarizing the situation as building “a brick wall and everyone is going around it.” [006, IT]

Another privacy officer talked about the legal ramifications of not automatically providing medication lists to all providers, indicating that patient safety (even in a non-emergency situation) should trump the regulation.

“I think in this organization we generally would say that medication lists are something that should be shared. I have a really hard time thinking that a patient is on medication that was prescribed by a chemical dependency provider and then they show up in emergency department and no one is aware of that medication. That to me from my legal viewpoint presents a whole lot of problems.” [101, Legal]

Respondents discussed the interface between legal/privacy teams and IT specialists, primarily around strategies that could be implemented in the EHR to track and sequester data. Many talked about the limits of health information technology and how these limits determined what was possible in terms of 42 CFR Part 2 implementation. Four common strategies emerged: 1) the use of sensitive note designation; 2) use of “break the glass” technology to create audit trails of record access and modification; 3) access to specific records based on provider role; and, less frequently, 4) workarounds such as utilizing other areas of the EHR (e.g., “in-boxing”, or using the EHR internal provider messaging function, which is not retained in the medical record) to share relevant information, keeping certain information out of the EHR completely or relaying information person to person, and creating solutions after the fact following data breaches. A legal officer/clinician described the use of sensitive notes:

At the top of all of our notes we write the information about 42 CFR. […] every single one of my notes it says very clearly, that this is confidential information. It should not be shared. Like if someone’s records are requested from [NAME], technically that information should be withheld.” [212, Legal]

A chief technology officer discussed breaking the glass:

We use the technology that’s available and that includes break the glass. And that simply provides a record of who has been accessing what and gives the opportunity for someone to not inadvertently enter a chart without thinking about whether or not they really need to be there and we can report on that. So, that doesn’t preclude access, it simply monitors access, which is a different part.” [205, IT]

Role-based access was illustrated by a privacy officer:

So, if a patient is admitted to one of those units, the record is marked as a record that’s not viewable to anyone outside the ER, as well as those staff where that’s their location to work is on the CD [chemical dependency] treatment unit. So, the staff that are working there can see all of the visits for a patient. But if you’re not designated as a staff person that is allowed to see those records, it says confidential visit.” [106, Legal]

All of these methods to some degree were dependent on staff self-monitoring in terms of what they accessed, as well as a lack of real-time oversight into who was viewing which records. Further, respondents talked about situations in which providers could make their own determination on which sensitive records they needed to see in order to properly treat a patient. Thus, technology-based workarounds were not seen as the solution for 42 CFR Part 2 implementation problems, but rather offered some accountability. As one IT respondent noted:

“What I see with 42 CFR Part 2, a lot of it is really people, people problems. It’s not like an IT situation. I mean we can restrict information being shared; we can restrict information being compromised to a certain extent. But that fax going out the door that says ‘oh by the way this fax is about John Doe and he goes to [addiction specialty program]’ just told everybody on that fax.” [002, IT]

4. DISCUSSION

Despite having a common privacy rule across the country regarding protection of substance use disorder treatment-related medical information, this qualitative study found great variability in institutional interpretation and implementation of these protections. When discussing their approaches to 42 CFR Part 2, participating institutions’ primary concern was balancing patient safety with privacy protections. Although participating sites described similar standards of protection regarding release of information outside of the health system, numerous workarounds were described to manage intra-institutional communication and care coordination, often not appearing to adhere fully to 42 CFR Part 2 regulations. Training on the privacy rule was reported as relatively informal, with outside consultation sought as needed by legal respondents. This has implications for consistency in implementation and institutional memory when there is staff turnover.

SAMHSA’s recent revisions to 42 CFR Part 2 sought to align the regulations with changes in federal legislation and the emergence of EHRs and new models of care (e.g., Accountable Care Organizations). The revisions, however, fail to address the problems identified by respondents in our study, because they do not fully recognize the increased role of the integrated health system in managing SUD. This includes providing treatment within general medicine settings and the creation of “hub and spoke” models of care where patients alternate between primary and specialty care depending on stability of their recovery (Korthuis et al., 2017).

The current rule still imagines that SUD care is provided through programs separate from general healthcare systems. For example, Consent2Share, a SAMHSA-developed patient-controlled SUD consent management program, works well to control levels of consent for SUD record sharing with outside providers and health information exchanges, but current EHRs are not able to parse levels of consent when the non-SUD providers are within the same integrated health system as the SUD treatment provider or program (e.g., the EHR allowing a patient’s cardiologist but not their psychiatrist to see the records when both physicians work in the same clinic). While the technology to segregate data within an EHR undoubtedly exists, none of the major EHR vendors appear to have utilized this technology in a way to sufficiently address 42 CFR Part 2 requirements, thereby creating a situation of impossibility for health systems (although not for EHR vendors) to adhere to 42 CRF Part 2. This could be an area for legislative action.

In addition to patient-controlled consent, the current Rule stipulates that sharing of SUD information is possible between covered entities and other providers through qualified service organization agreements (QSOAs). As with Consent2Share, this works well if the outside providers are part of a separate organization than the health system, but in an integrated health system where both primary and SUD care are provided, some of our legal respondents felt that a QSOA would not be possible because this would entail an organization contracting with itself.

Another option, utilized by several integrated healthcare organizations in this sample, was a universal SUD consent. This appears to address staff burden for acquiring a new consent to share data with another department, program, or unit. While no participating health system said they would deny service to someone who would not sign a universal consent there was little insight to the possibility that a universal consent by definition may not be an informed consent and there is little understanding of impact of universal consents on patients or how well patients understand what data is available and to whom.

A common workaround method was “break the glass,” or note sequestration procedures, to limit access to SUD related notes. Staff self-monitoring approaches to 42 CFR Part 2 reveal that these systems do not fully understand the automated nature of EHRs. For example, unlike in the use of a sensitive note designation, the use of headers denoting 42 CFR Part 2 protected information will not prevent automated data release when medical records are requested using a standard release of information because there are no meta-data applied to the note to indicate that it should be withheld. An improvement in the 2018 revision was that SAMHSA reduced the number of words needed for such a header, thereby allowing it to fit within a meta-data tag that can allow such notes to be separated during automated record searches.

Relatedly, it remains unclear if population health analysis or research protocols using natural language processing approaches to EHR data mining would be able to access sequestered notes. Inability to see or access data, even when 42 CFR Part 2 may allow it, because of technological limitations may result in biased clinical data, and research data, and have an impact on resource allocation similar to previous concerns regarding suppression of SUD data (Rough et al., 2016).

There are a number of limitations to our current study. While we have a diversity of health systems the sample size is not large enough to explore differences between type of health system and approach to 42 CFR Part 2. Although we selected participants who had responsibility to make policy regarding interpretation and implementation of 42 CRF Part 2 privacy protections, not all participants interviewed were attorneys and thus their interpretation of the rule may not be fully informed by legal scholarship. None of the respondents specifically described harms associated with breeches of 42 CRF Part 2 and we are not able to assess whether breeches occurred or harm resulting from such breeches; therefore, we are not able to assess the impact of described workarounds on patients’ privacy. Finally, while it is important to understand the health systems perspective on implementing 42 CRF Part 2 in the era of the EHR, it is equally if not more important to understand the patients’ perspective on privacy protections surrounding SUD services. While the patients’ perspective was not the focus of the current paper, we hope that others will empirically address this perspective so we may have a truly informed debate about the balance between service integration and privacy protection and the extent to which these may or may not be mutually exclusive ideals.

5. CONCLUSIONS

The findings from this study contribute to a small set of data on knowledge, interpretation, and practices related to SUD privacy protection within integrated health systems. As Congress and SAMHSA continue to evaluate 42 CRF Part 2 in the context of needed integration of addiction services into general medical settings, our results provide data that can supplement what mostly has been an expert opinion and advocacy group testimonial approach to informing policy decisions.

Study Highlights.

  • Compliance with 42 CFR Part 2 has been a source of confusion to health systems

  • Health system staff voiced concern over balancing patient safety with privacy protections

  • Technology workarounds used to manage intra-institutional communication

  • Addiction records are often accessible in internal health systems without specific consent

  • Recent 42 CFR Part 2 amendments have not addressed integrated care settings

ACKNOWLEDGMENTS

Jennifer Lima, MPH, assisted with data management and data coding.

Funding: This work was supported by the National Institutes of Health, National Institute on Drug Abuse (grant numbers UG1DA013035, UG1DA015815, UG1DA040316; UG1 DA040317).

Footnotes

CONFLICTS OF INTEREST

Dr. Campbell receives book royalties from APA Press; Dr. Rotrosen has received study medication and/or research study funding from Alkermes, Inc. and Indivior; Dr. Wu has received research funding from Alkermes, Inc.; the remaining authors have no financial conflicts to disclose.

Prior Presentations: Portions of this manuscript were presented as part of a symposium at the International Network on Brief Interventions for Alcohol and Other Drugs (INEBRIA) Meeting, September 2017, New York, NY.

Publisher's Disclaimer: This is a PDF file of an unedited manuscript that has been accepted for publication. As a service to our customers we are providing this early version of the manuscript. The manuscript will undergo copyediting, typesetting, and review of the resulting proof before it is published in its final citable form. Please note that during the production process errors may be discovered which could affect the content, and all legal disclaimers that apply to the journal pertain.

References

  1. Abraham AJ, Andrews CM, Grogan CM, D’Aunno T, Humphreys KN, Pollack HA, et al. (2017). The Affordable Care Act transformation of substance use disorder treatment. American Journal of Public Health, 107(1), 31–2. [DOI] [PMC free article] [PubMed] [Google Scholar]
  2. Barnett B, & Connery HS (2018). Implementation challenges of the final rule of Title 42 of the Code of Federal Regulations part 2: can privacy endure in an era of electronic health information exchange? American Journal on Addiction, 27(1), 37–8. [DOI] [PubMed] [Google Scholar]
  3. Buck JA (2011). The looming expansion and transformation of public substance abuse treatment under the Affordable Care Act. Health Affairs, 30(8), 1402–10. [DOI] [PubMed] [Google Scholar]
  4. Christie C, Baker C, Cooper R, Kennedy PJ, Madras B, & Bondi P (2017). The President’s Commission on Combating Drug Addiction and the Opioid Crisis: Final Report Washington, DC: The White House; 2017 [Available at: https://www.whitehouse.gov/sites/whitehouse.gov/files/images/Final_Report_Draft_11-1-2017.pdf. [Google Scholar]
  5. Fiellin DA, Moore BA, Sullivan LE, Becker WC, Pantalon MV, Chawarski MC, et al. (2008). Long-term treatment with buprenorphine/naloxone in primary care: Results at 2–5 years. American Journal on Addiction, 17, 116–20. [DOI] [PubMed] [Google Scholar]
  6. Fiellin DA, O’Conner PG (2002). Office-based treatment of opioid-dependent patients. New England Journal of Medicine, 347, 817–23. [DOI] [PubMed] [Google Scholar]
  7. Gale NK, Heath G, Cameron E, Rashid S, Redwood S (2013). Using the framework method for the analysis of qualitative data in multi-disciplinary health research. BMC Medical Research Methodology, 13(1), 117. [DOI] [PMC free article] [PubMed] [Google Scholar]
  8. Knopf A (2017). Patient confidentiality campaign launched in 42 CFR Part 2 battle. Alcoholism & Drug Abuse Weekly, 29(38), 1–5. [Google Scholar]
  9. Korthuis PT, McCarty D, Weimer M, Bougatsos C, Blazina I, Zakher B, et al. (2017). Primary care-based models for the treatment of opioid use disorder: A scoping review. Annals of Internal Medicine, 166(4), 268–278. [DOI] [PMC free article] [PubMed] [Google Scholar]
  10. McCarty D, Rieckmann T, Baker RL, McConnell KJ (2017). The Perceived Impact of 42 CFR Part 2 on Coordination and Integration of Care: A Qualitative Analysis. Psychiatric Services, 68(3), 245–9. [DOI] [PMC free article] [PubMed] [Google Scholar]
  11. Office of the Surgeon General. (2016, November). Facing Addiction in America: The Surgeon General’s Report on Alcohol Drugs and Health. Washington, DC: U.S. Department of Health and Human Services. [PubMed] [Google Scholar]
  12. Ritchie J & Spencer L (1994). Qualitative data analysis for applied policy research In Bryman A & Burgess RG [Eds.], Analysing Qualitative Data (pp. 173–194). London: Routledge. [Google Scholar]
  13. Rough K, Bateman BT, Patorno E, Desai RJ, Park Y, Hernandez-Diaz S, et al. (2016). Suppression of substance abuse claims in medicaid data and rates of diagnoses for non–substance abuse conditions. Journal of the American Medical Association, 315(11), 1164–6. [DOI] [PMC free article] [PubMed] [Google Scholar]
  14. Schaper E, Padwa H, Urada D, Shoptaw S (2016). Substance use disorder patient privacy and comprehensive care in integrated health care settings. Psychological Services, 13(1), 105–9. [DOI] [PubMed] [Google Scholar]
  15. Substance Abuse and Mental Health Services Administration [SAMHSA]. (2017). Confidentiality of substance use disorder patient records. Federal Register, 82(11), 6052–127. [PubMed] [Google Scholar]
  16. Substance Abuse and Mental Health Services Administration [SAMHSA]. (2018). Confidentiality of substance use disorder patient records. Federal Register, 83(2), 239–52. [Google Scholar]

RESOURCES