Analysis: Opioid Legislation Stripped of Privacy ProvisionGeisinger Health CIO John Kravitz Discusses the Implications
Although the passage by Congress of the Support for Patients and Communities Act this week is an important step in the nation's battle against the opioid drug addiction crisis, it lacks a critical privacy provision that would have eased data sharing, says Geisinger Health CIO John Kravitz, who analyzes the implications.
A provision in a draft of the bill, which was stricken, would have aligned the stringent privacy regulations of CFR 42 Part 2 with the HIPAA Privacy Rule. As a result of that dropped provision, patient consent would have no longer been required for the sharing of opioid addiction records for treatment, payment and business operations.
The excluded provision would have "opened up communication in sharing information that could protect the health of our patients to a much larger degree," Kravitz says in an interview with Information Security Media Group conducted on Thursday at the College of Healthcare Information Management Executives' Advocacy Summit in Washington.
The legislation - it's official title is the "Substance Use - Disorder Prevention that Promotes Opioid Recovery and Treatment for Patients and Communities Act'' - aims to help address the nation's opioid crisis. For example, it calls for expansion of the use of telemedicine, a pilot incentive program for electronic health record use by behavioral health professionals and certain mandates for the use of electronic prescriptions for controlled substances.
Support for Provision
While the provision dropped from the final bill had been a concern for some privacy advocates, it was supported by more than a 100 high-profile groups in the healthcare sector, including CHIME (see: Opioid Crisis Raises Tough Privacy Issues).
CFR 42 Part 2 - or the Confidentiality of Substance Use Disorder Patient Records - generally requires federally assisted substance abuse treatment programs to have a patient's consent before releasing information to others involved in their treatment.
But in light of the current opioid addiction crisis, the regulation is seen by some as impeding timely treatment because it could lead to a physician not having timely access to a patient's complete drug addiction treatment history to support appropriate medical decisions.
More Work to Do
Additional issues need to be tackled to address the privacy challenges involved with caring for patients with substance abuse issues, Kravitz says.
There are initiatives that need to go on in order to have a national patient identification system that could help ensure that a patient's records - including sensitive information pertaining to substance abuse - are accurately matched with the correct individual before the data is accessed or shared, he says.
In the late 1990s, Congress banned the Department of Health and Human Services from funding the development of a national unique patient identification system due, in part, to privacy concerns.
But the opioid crisis has created a critical need for the healthcare sector to reassess ways to better match the identity of patients with their records, Kravitz notes.
The crisis "is a strong impetus for this to happen; it's extremely important for the health of our patients," he says.
In the interview (see audio link below photo), Kravitz also discusses:
- Other reasons why the lack of a national or unique patient identifier makes patient record matching and health information exchange challenging;
- The pros and cons of provisions in the Support for Patients and Communities Act, or H.R. 6, related to data sharing with state prescription drug monitoring programs, or PDMPs;
- Steps that Geisinger takes to protect patients' electronic health records that include sensitive information about substance abuse.
Kravitz is senior vice president and CIO at Geisinger Health System, Danville, Pennsylvania, which includes 13 hospital campuses, a nearly 600,000-member health plan, two research centers and the Geisinger Commonwealth School of Medicine. He is also responsible for the regional health information exchange, KeyHIE, which connects organizations throughout Pennsylvania. He has been involved with the Care Connectivity Consortium, a group of healthcare providers that includes Geisinger, Intermountain Healthcare, Kaiser Permanente and Mayo Clinic, which is developing tools to support the nationwide health information exchange. In addition, Kravitz serves on the CHIME board of trustees and is a member of the CHIME Public Policy Steering Committee. Prior to joining Geisinger, Kravitz was CIO for Good Shepherd Rehab Network in Allentown, Pennsylvania.