OCR is doing its part to deal with the opioid crisis in the United States and fulfill its responsibilities under the 21st Century Cures Act. It recently released two webpages, which provide the public access to information relating to HIPAA and mental/behavioral health. Here are the web links:
OCR made the HHS website more user-friendly. The new web pages provide resources that explain when and which circumstances necessitate the sharing of health information with families and friends so they know what to do in emergency situations including an opioid overdose or a mental health crisis.
OCR also released new resources about substance abuse disorder and mental health that are specifically for people that provide patient care. There are fact sheets, infographics, decision charts, and different situations that tackle the sharing of information when opioid overdose happens. Some resources are in particular for the parents of children with mental health conditions.
Other partner agencies within the HHS are working together with OCR to further develop programs and HIPAA training materials that cover the use and disclosure of PHI of patients seeking or undergoing mental health disorder or substance abuse disorder treatment. HHS is serious about educating families and doctors to help save lives in the communities devastated by opioids.
OCR also updated the information related to HIPAA and research as required by the 21st Century Cures Act. The information details the application of the HIPAA Privacy Rule to research. Can researchers share PHI without obtaining patient consent? According to 45 CFR 164.502(d) and 164.514(a)-(c), PHI that has been de-identified can be shared by HIPAA-covered entities for research purposes. If sharing PHI that is not de-identified, patient authorization is required except when the covered entity got Documented Institutional Review Board (IRB) or Privacy Board Approval. The criteria for getting such approval are explained in the information guide here.
OCR’s working group consists of representatives from federal agencies, researchers, patients, healthcare providers and privacy, security and technology experts. The task of this group is to study uses and disclosures of PHI for research purposes making modifications to the information guide as needed to ensure privacy rights of individuals are protected.