Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

HHS Aligns Part 2 Substance Use Disorder Confidentiality Requirements With HIPAA

By Philip E. Legendy, Eric K. Temmel & David Goroff on April 30, 2024
Email this postTweet this postLike this postShare this post on LinkedIn

Table of Contents

  • The Upshot
  • The Bottom Line
  • Read the full alert here.

Newly effective regulations governing confidentiality of Substance Use Disorder (SUD) records now more closely mirror regulations implementing the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and other federal law. The new measures ease the administrative burden on programs by aligning regulations governing the privacy of Part 2 SUD records with the regulatory framework governing HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act. Part 2 programs have until February 16, 2026, to implement any necessary changes.

Link to The Upshot The Upshot

  • Jointly, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) and the Substance Abuse and Mental Health Services Administration (SAMHSA) revised 42 C.F.R. Part 2 (Part 2), which governs certain patient-identifying substance use disorder (SUD) records, effective April 16, 2024.
  • Significant regulatory changes implement Section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act (relating to “confidentiality and disclosure of records relating to substance use disorder”), which required HHS to update both HIPAA and Part 2 regulations in order to better align respective privacy protections.
  • The changes consist of new and revised Part 2 regulations governing, in part: patient consent for SUD record use, disclosure, and redisclosure; individual patient rights relating to notices, accountings of disclosures, and complaint procedures; and increased penalties for noncompliance. 
  • Part 2 programs may now maintain, use, and disclose records in a manner more consistent with HIPAA regulations.
  • As a result, Part 2 programs have expanded flexibility in utilizing Part 2 records, but must carefully note additional compliance responsibilities and civil penalties for noncompliance.

Link to The Bottom Line The Bottom Line

Part 2 violations will now be subject not only to criminal penalties, but also the civil monetary penalties established by HIPAA, HITECH, and their implementing regulations. These regulations (along with the CARES Act) fundamentally alter the potential cost of noncompliance for Part 2 programs and may ultimately result in increased enforcement activity.

Link to Read the full alert here. Read the full alert here.

  • Posted in:
    Health Care and Life Sciences
  • Blog:
    CyberAdviser
  • Organization:
    Ballard Spahr LLP
  • Article: View Original Source

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo