New guidelines from SAMHSA released in July 2020 are designed to improve coordination of care for patients in treatment for substance disorder, while protecting confidentiality against unauthorized disclosure and use of patient information. View this HITEQ webinar on changes to SAMHSA’s 42 CFR Part 2 rule (Part 2) which protects individuals receiving substance use disorder treatment by defining privacy and security requirements for written, electronic and verbal information. This webinar features expert presenters from the University of New Hampshire Institute for Health Policy and Practice and the Center of Excellence for Protected Health Information who present on the new final Part 2 rule and future changes in the CARES Act, including what has changed, what has not changed, what this means for health centers in regard to consents and disclosures, and the implications for care coordination. This presentation also addresses privacy considerations for tele-behavioral health and exceptions during the state of emergency waiver.

The coronavirus pandemic and consequent stay-at-home orders may increase danger for those at risk for or experiencing intimate partner violence and human trafficking (IPV/HT). Due to COVID-19, many health centers have shifted health encounters to virtual platforms, which offer unique opportunities to provide trauma-informed care and connect in new ways with those who may be experiencing abuse. Yet, telehealth and virtual visits also present health centers with new challenges related to privacy, safety and digital health equity. Given these changes in care delivery — and the inclusion of new Uniform Data System (UDS) data elements to capture IPV/HT diagnoses and services — health centers need information about how to identify and support patients at risk for or experiencing IPV/HT and leverage their health IT to provide and document care appropriately. In this webinar, presenters from the HITEQ Center and Futures Without Violence:

--Describe how health centers can implement an evidence-based, trauma-informed intervention for IPV/HT called CUES during virtual or in-person visits

--Review the newly included UDS data elements designed to capture IPV/HT diagnoses and services taking place within health centers

--Outline key considerations around privacy, safety, and equity for providing care through virtual platforms to patients at risk for or experiencing IPV/HT

--Feature promising strategies from health centers that have explored how to utilize health IT to support quality clinical care and data collection for IPV/HT

In the 2019-2020 contract year, as part of the Ending the HIV Epidemic initiative HITEQ conducted an environmental scan to determine the role of EHRs and health IT in health center capacity and ability to expand HIV screening and prevention. The full report is available for download. 

Health centers are actively expanding the substance use treatment services they offer in the community to address access to care for opioid use disorders, and more broadly to address better screening, referral and timely access to all substance use disorder (SUD) treatment. The downloadable case study below is an example of how a health center is assessing operations to comply with 42 CFR Part 2, with a particular focus on changes to their health information technology (IT) systems.

Frequently Asked Questions (FAQs) and Fact Sheets regarding the Substance Abuse Confidentiality Regulations. 

Two fact sheets include: 

• Disclosure of Substance Use Disorder Patient Records: Does Part 2 Apply to Me?
  • This fact sheet explains a 42 CFR Part 2 Program and how healthcare providers can determine how Part 2 applies to them.
• Disclosure of Substance Use Disorder Patient Records: How Do I Exchange Part 2 Data?
  • This fact sheet describes how 42 CFR Part 2 applies to the electronic exchange of healthcare records with a Part 2 Program.

FAQs about Applying the Substance Abuse Confidentiality Regulations, answers provided by Substance Abuse and Mental Health Services Administration (SAMHSA)

A recent survey of clinicians by HIMSS Analytics shows that despite the spotlight on HIPAA compliance and security issues in healthcare, clinicians report several IT vulnerabilities at provider organizations.  Learn the results of this study and hear from a panel of experts on policies and best practices to securely enable the use of clinician-owned technology.

During this webinar, you’ll learn:

• How clinicians in the U.S. feel about the security of patient information at their organization
• Relevant tools and capabilities clinicians wish they had or were authorized to use
• The prevalence and consequences of the use of non-authorized IT services to get work done
• Tips to mitigate the risk of unauthorized technology use

The conference will explore the history and recent changes of 42 CFR Part 2, review common definitions, and how the changes may affect integrated medication-assisted treatment (MAT) and Screening, Brief Intervention, and Referral to Treatment (SBIRT) programs, and discussion on LifeLong Medical Care’s experience.

The U.S. Department of Health & Human Services (HHS), Office for Civil Rights (OCR) has developed a Cyber Security Checklist and a corresponding Cyber Security Infographic that explains the steps for a HIPAA covered entity or its business associate (the entity) to take in response to a cyber-related security incident. 

The recent global ransomware attacks have revealed weaknesses in many organizations’ security plans. The global nature of the attacks demonstrate how easy it is for criminals to target health records for either profit or malicious reasons. And it confirms that the danger of cyber-attacks will not end any time soon. This webinar, presented by noted ethical hacker Kevin Johnson, will provide insight into how hackers identify vulnerabilities and provide specific advice to help you prepare a line of defense against the next generation of attack.

Sensato CEO and cybersecurity reseaercher John Gomez will present an HIStalk-sponsored free webinar on Tuesday, May 16 at 1:00 p.m. ET titled “WannaCry Threat Intelligence Briefing.” John will provide an in-depth analysis of the current state of WannaCry as well as a technical review of how it operates and possible go-forward cybersecurity impacts. John will also present technical and regulatory counter-measures you should consider, specific to healthcare organizations.