Page images
PDF
EPUB
[blocks in formation]

(2) On its face substantially fails to conform to any of the requirements set forth in paragraph (a) of this section;

(3) Is known to have been revoked; or (4) Is known, or through a reasonable effort could be known, by the person holding the records to be materially false.

(Approved by the Office of Management and Budget under control number 0930-0099) §2.32 Prohibition on redisclosure.

Notice to accompany disclosure. Each disclosure made with the patient's written consent must be accompanied by the following written statement:

This information has been disclosed to you from records protected by Federal confidentiality rules (42 CFR part 2). The Federal rules prohibit you from making any further disclosure of this information unless further disclosure is expressly permitted by the written consent of the person to whom it pertains or as otherwise permitted by 42 CFR part 2. A general authorization for the release of medical or other information is NOT sufficient for this purpose. The Federal rules restrict any use of the information to crimi

nally investigate or prosecute any alcohol or drug abuse patient.

[52 FR 21809, June 9, 1987; 52 FR 41997, Nov. 2, 1987]

§2.33 Disclosures permitted with written consent.

If a patient consents to a disclosure of his or her records under §2.31, a program may disclose those records in accordance with that consent to any individual or organization named in the consent, except that disclosures to central registries and in connection with criminal justice referrals must meet the requirements of §§2.34 and 2.35, respectively.

§2.34 Disclosures to prevent multiple enrollments in detoxification and maintenance treatment programs.

(a) Definitions. For purposes of this section:

Central registry means an organization which obtains from two or more member progams patient identifying information about individuals applying for maintenance treatment or detoxification treatment for the purpose of avoiding an individual's concurrent enrollment in more than one program.

Detoxification treatment means the dispensing of a narcotic drug in decreasing doses to an individual in order to reduce or eliminate adverse physiological or psychological effects incident to withdrawal from the sustained use of a narcotic drug.

Maintenance treatment means the dispensing of a narcotic drug in the treatment of an individual for dependence upon heroin or other morphine-like drugs.

Member program means a detoxification treatment or maintenance treatment program which reports patient identifying information to a central registry and which is in the same State as that central registry or is not more than 125 miles from any border of the State in which the central registry is located.

(b) Restrictions on disclosure. A program may disclose patient records to a central registry or to any detoxification or maintenance treatment program not more than 200 miles away for the purpose of preventing the multiple enrollment of a patient only if:

(1) The disclosure is made when:

(i) The patient is accepted for treatment;

(ii) The type or dosage of the drug is changed; or

(iii) The treatment is interrupted, resumed or terminated.

(2) The disclosure is limited to:

(i) Patient identifying information; (ii) Type and dosage of the drug; and (iii) Relevant dates.

(3) The disclosure is made with the patient's written consent meeting the requirements of §2.31, except that:

(i) The consent must list the name and address of each central registry and each known detoxification maintenance treatment program to which a disclosure will be made; and

or

(ii) The consent may authorize a disclosure to any detoxification or maintenance treatment program established within 200 miles of the program after the consent is given without naming any such program.

(c) Use of information limited to prevention of multiple enrollments. A central registry and any detoxification or maintenance treatment program to which information is disclosed to prevent multiple enrollments may not redisclose or use patient identifying information for any purpose other than the prevention of multiple enrollments unless authorized by a court order under subpart E of these regulations.

(d) Permitted disclosure by a central registry to prevent a multiple enrollment. When a member program asks a central registry if an identified patient is enrolled in another member program and the registry determines that the patient is so enrolled, the registry may disclose

(1) The name, address, and telephone number of the member program(s) in which the patient is already enrolled to the inquiring member program; and

(2) The name, address, and telephone number of the inquiring member program to the member program(s) in which the patient is already enrolled. The member programs may communicate as necessary to verify that no error has been made and to prevent or eliminate any multiple enrollment.

(e) Permitted disclosure by a detoxification or maintenance treatment program to prevent a multiple enrollment. A detoxi

fication or maintenance treatment program which has received a disclosure under this section and has determined that the patient is already enrolled may communicate as necessary with the program making the disclosure to verify that no error has been made and to prevent or eliminate any multiple enrollment.

$2.35 Disclosures to elements of the criminal justice system which have referred patients.

(a) A program may disclose information about a patient to those persons within the criminal justice system which have made participation in the program a condition of the disposition of any criminal proceedings against the patient or of the patient's parole or other release from custody if:

(1) The disclosure is made only to those individuals within the criminal justice system who have a need for the information in connection with their duty to monitor the patient's progress (e.g., a prosecuting attorney who is withholding charges against the patient, a court granting pretrial or posttrial release, probation or parole officers responsible for supervision of the patient); and

(2) The patient has signed a written consent meeting the requirements of §2.31 (except paragraph (a)(8) which is inconsistent with the revocation provisions of paragraph (c) of this section) and the requirements of paragraphs (b) and (c) of this section.

(b) Duration of consent. The written consent must state the period during which it remains in effect. This period must be reasonable, taking into account:

(1) The anticipated length of the treatment;

(2) The type of criminal proceeding involved, the need for the information in connection with the final disposition of that proceeding, and when the final disposition will occur; and

(3) Such other factors as the program, the patient, and the person(s) who will receive the disclosure consider pertinent.

(c) Revocation of consent. The written consent must state that it is revocable upon the passage of a specified amount of time or the occurrence of a specified,

ascertainable event. The time or occurrence upon which consent becomes revocable may be no later than the final disposition of the conditional release or other action in connection with which consent was given.

(d) Restrictions on redisclosure and use. A person who receives patient information under this section may redisclose and use it only to carry out that person's official duties with regard to the patient's conditional release or other action in connection with which the consent was given.

Subpart D-Disclosures Without Patient Consent

§2.51 Medical emergencies.

(a) General Rule. Under the procedures required by paragraph (c) of this section, patient identifying information may be disclosed to medical personnel who have a need for information about a patient for the purpose of treating a condition which poses an immediate threat to the health of any individual and which requires immediate medical intervention.

(b) Special Rule. Patient identifying information may be disclosed to medical personnel of the Food and Drug Administration (FDA) who assert a reason to believe that the health of any individual may be threatened by an error in the manufacture, labeling, or sale of a product under FDA jurisdiction, and that the information will be used for the exclusive purpose of notifying patients or their physicians of potential dangers.

(c) Procedures. Immediately following disclosure, the program shall document the disclosure in the patient's records, setting forth in writing:

(1) The name of the medical personnel to whom disclosure was made and their affiliation with any health care facility;

(2) The name of the individual making the disclosure;

(3) The date and time of the disclosure; and

(4) The nature of the emergency (or error, if the report was to FDA).

(Approved by the Office of Management and Budget under control number 0930-0099)

§2.52 Research activities.

(a) Patient identifying information may be disclosed for the purpose of conducting scientific research if the program director makes a determination that the recipient of the patient identifying information:

(1) Is qualified to conduct the research;

(2) Has a research protocol under which the patient identifying information:

(i) Will be maintained in accordance with the security requirements of §2.16 of these regulations (or more stringent requirements); and

(ii) Will not be redisclosed except as permitted under paragraph (b) of this section; and

(3) Has provided a satisfactory written statement that a group of three or more individuals who are independent of the research project has reviewed the protocol and determined that:

(i) The rights and welfare of patients will be adequately protected; and

(ii) The risks in disclosing patient identifying information are outweighed by the potential benefits of the research.

(b) A person conducting research may disclose patient identifying information obtained under paragraph (a) of this section only back to the program from which that information was obtained and may not identify any individual patient in any report of that research or otherwise disclose patient identities.

[52 FR 21809, June 9, 1987, as amended at 52 FR 41997, Nov. 2, 1987]

§2.53 Audit and evaluation activities.

(a) Records not copied or removed. If patient records are not copied or removed, patient identifying information may be disclosed in the course of a review of records on program premises to any person who agrees in writing to comply with the limitations on redisclosure and use in paragraph (d) of this section and who:

(1) Performs the audit or evaluation activity on behalf of:

(i) Any Federal, State, or local governmental agency which provides financial assistance to the program or is

authorized by law to regulate its activities; or

(ii) Any private person which provides financial assistance to the program, which is a third party payer covering patients in the program, or which is a peer review organization performing a utilization or quality control review; or

(2) Is determined by the program director to be qualified to conduct the audit or evaluation activities.

(b) Copying or removal of records. Records containing patient identifying information may be copied or removed from program premises by any person who:

(1) Agrees in writing to:

(i) Maintain the patient identifying information in accordance with the security requirements provided in §2.16 of these regulations (or more stringent requirements);

(ii) Destroy all the patient identifying information upon completion of the audit or evaluation; and

(iii) Comply with the limitations on disclosure and use in paragraph (d) of this section; and

(2) Performs the audit or evaluation activity on behalf of:

(i) Any Federal, State, or local governmental agency which provides financial assistance to the program or is authorized by law to regulate its activities; or

(ii) Any private person which provides financial assistance to the program, which is a third part payer covering patients in the program, or which is a peer review organization performing a utilization or quality control review.

(c) Medicare or Medicaid audit or evaluation. (1) For purposes of Medicare or Medicaid audit or evaluation under this section, audit or evaluation includes a civil or administrative investigation of the program by any Federal, State, or local agency responsible for oversight of the Medicare or Medicaid program and includes administrative enforcement, against the program by the agency, of any remedy authorized by law to be imposed as a result of the findings of the investigation.

(2) Consistent with the definition of program in §2.11, program includes an employee of, or provider of medical

services under, the program when the employee or provider is the subject of a civil investigation or administrative remedy, as those terms are used in paragraph (c)(1) of this section.

(3) If a disclosure to a person is authorized under this section for a Medicare or Medicaid audit or evaluation, including a civil investigation or administrative remedy, as those terms are used in paragraph (c)(1) of this section, then a peer review organization which obtains the information under paragraph (a) or (b) may disclose the information to that person but only for purposes of Medicare or Medicaid audit or evaluation.

(4) The provisions of this paragraph do not authorize the agency, the program, or any other person to disclose or use patient identifying information obtained during the audit or evaluation for any purposes other than those necessary to complete the Medicare or Medicaid audit or evaluation activity as specified in this paragraph.

(d) Limitations on disclosure and use. Except as provided in paragraph (c) of this section, patient identifying information disclosed under this section may be disclosed only back to the program from which it was obtained and used only to carry out an audit or evaluation purpose or to investigate or prosecute criminal or other activities, as authorized by a court order entered under §2.66 of these regulations.

Subpart E-Court Orders Authorizing Disclosure and Use

§2.61 Legal effect of order.

(a) Effect. An order of a court of competent jurisdiction entered under this subpart is a unique kind of court order. Its only purpose is to authorize a disclosure or use of patient information which would otherwise be prohibited by 42 U.S.C. 290ee-3, 42 U.S.C. 290dd-3 and these regulations. Such an order does not compel disclosure. A subpoena or a similar legal mandate must be issued in order to compel disclosure. This mandate may be entered at the same time as and accompany an authorizing court order entered under these regulations.

(b) Examples. (1) A person holding records subject to these regulations receives a subpoena for those records: a response to the subpoena is not permitted under the regulations unless an authorizing court order is entered. The person may not disclose the records in response to the subpoena unless a court of competent jurisdiction enters an authorizing order under these regulations.

(2) An authorizing court order is entered under these regulations, but the person authorized does not want to make the disclosure. If there is no subpoena or other compulsory process or a subpoena for the records has expired or been quashed, that person may refuse to make the disclosure. Upon the entry of a valid subpoena or other compulsory process the person authorized to disclose must disclose, unless there is a valid legal defense to the process other than the confidentiality restrictions of these regulations.

[52 FR 21809, June 9, 1987; 52 FR 42061, Nov. 2, 1987]

$2.62 Order not applicable to records disclosed without consent to researchers, auditors and evaluators. A court order under these regulations may not authorize qualified personnel, who have received patient identifying information without consent for the purpose of conducting research, audit or evaluation, to disclose that information or use it to conduct any criminal investigation or prosecution of a patient. However, a court order under §2.66 may authorize disclosure and use of records to investigate or prosecute qualified personnel holding the records. §2.63 Confidential communications.

(a) A court order under these regulations may authorize disclosure of confidential communications made by a patient to a program in the course of diagnosis, treatment, or referral for treatment only if:

(1) The disclosure is necessary to protect against an existing threat to life or of serious bodily injury, including circumstances which constitute suspected child abuse and neglect and verbal threats against third parties;

(2) The disclosure is necessary in connection with investigation or prosecu

tion of an extremely serious crime, such as one which directly threatens loss of life or serious bodily injury, including homicide, rape, kidnapping, armed robbery, assault with a deadly weapon, or child abuse and neglect; or

(3) The disclosure is in connection with litigation or an administrative proceeding in which the patient offers testimony or other evidence pertaining to the content of the confidential communications.

(b) [Reserved]

$2.64 Procedures and criteria for orders authorizing disclosures for noncriminal purposes.

(a) Application. An order authorizing the disclosure of patient records for purposes other than criminal investigation or prosecution may be applied for by any person having a legally recognized interest in the disclosure which is sought. The application may be filed separately or as part of a pending civil action in which it appears that the patient records are needed to provide evidence. An application must use a fictitious name, such as John Doe, to refer to any patient and may not contain or otherwise disclose any patient identifying information unless the patient is the applicant or has given a written consent (meeting the requirements of these regulations) to disclosure or the court has ordered the record of the proceeding sealed from public scrunity.

(b) Notice. The patient and the person holding the records from whom disclosure is sought must be given:

(1) Adequate notice in a manner which will not disclose patient identifying information to other persons; and

(2) An opportunity to file a written response to the application, or to appear in person, for the limited purpose of providing evidence on the statutory and regulatory criteria for the issuance of the court order.

(c) Review of evidence: Conduct of hearing. Any oral argument, review of evidence, or hearing on the application must be held in the judge's chambers or in some manner which ensures that patient identifying information is not disclosed to anyone other than a party to the proceeding, the patient, or the person holding the record, unless the patient requests an open hearing in a

194-169 D-01--2

« PreviousContinue »