This Article focuses on the issues of managing health information when it may that of students and may involve substance abuse treatment information. HIPAA and FERPA allow a number of disclosures without consent that SAMHSA prohibits without consent.
how HIPAA relates to information management and release and explain the processes required for various releases of information under the HIPAA and FERPA rules, including release according to individual access requests, and under consents and HIPAA authorizations.
While FERPA overrides HIPAA, both HIPAA and FERPA take a back seat to the rules under 42 CFR Part 2. When substance abuse treatment information is involved, first you need to understand how to identify it. This blog explains how to make it distinguishable from "regular" health information, so that the appropriate extra protections can be provided. You may be able to use functions in your EHR to flag the information, or you may create a manual process for tracking the information,if it is rarely handled in your organization.
And the substance abuse treatment information you collect may or may not be under SAMHSA depending on whether or not you have a department or even a response team that specializes in SAMHSA-related situations. You need to understand your status under the rules before you release information inappropriately.What qualifies treatment that falls under SAMHSA.
If your organization provides services that create information that is under the SAMHSA regulations, you will need to establish the consent and release of information processes that are required to be followed for information releases under 42 CFR Part 2. This involves getting the proper consents upon establishment of the relationship, as well as managing consents for releases that may be necessary after the initial establishment of the relationship.
When you release information under HIPAA, there are no special notices required to be placed on the records. But when you release information under SAMHSA, each document must have a notice that explains that re-disclosure is not permitted without a new consent.
Complicating matters are updated rules going into effect that will allow a consent that permits a re-release to a defined team of providers caring for the individual, but then require meticulous documentation of to whom the information has been released under such a consent.
This blog will explore the complications and requirements of each of the rules controlling student health information, HIPAA, FERPA, and 42 CFR Part 2, and provide insights into how to apply the rules in an education setting.
This Article covers the below topics
• What FERPA controls and how to Determine where it Applies
• How FERPA and HIPAA Interact
• What HIPAA allows, what SAMHSA requires, and the Differences will be Explained
• We will Examine how to Deternmine if the Services you Provide Place you under FERPA or 42 CFR Part 2
• We will Explore the means for Making sure Substance Abuse Treatment Information Receives the Appropriate Protections
• The consent and release Requirements under HIPAA, FERPA, and 42 CFR Part 2 will be Explained
• Re-release of Information Released under 42 CFR Part 2 will be Discussed
• Sharing of information with Family and Friends in an overdose Incident will be Explored
• The latest Guidance from the US Department of Health and Human Services on HIPAA and FERPA, as well as Harmonization of SAMHSA and HIPAA will be Explained

Read More

This Article Is going to helpful for these professionals
• Compliance Director
• Privacy Officer
• Security Officer
• Information Systems Manager
• HIPAA Officer
• Chief Information Officer
• Health Information Manager
• Healthcare Counsel/Lawyer
• Office Manager

Author's Bio: 

Jim Sheldon-Dean is the founder and director of compliance services at Lewis Creek Systems, LLC, a Vermont-based consulting firm founded in 1982, providing information privacy and security regulatory compliance services to a wide variety of health care entities.

Sheldon-Dean serves on the HIMSS Information Systems Security Workgroup, has co-chaired the Workgroup for Electronic Data Interchange Privacy and Security Workgroup, and is a recipient of the WEDI 2011 Award of Merit. He is a frequent speaker regarding HIPAA and information privacy and security compliance issues at seminars and conferences, including speaking engagements at numerous regional and national healthcare association conferences and conventions and the annual NIST/OCR HIPAA Security Conference in Washington, D.C.