The federal rules for Part 2 programs apply before our current framework for patient privacy thinking, HIPAA. The second part has its origins in the drug revolution of the 1970s. It was necessary to protect drug treatment protocols more strictly than other medical records in order to avoid the stigma of addiction and the fear of those seeking addiction assistance from prosecution. The goal was to encourage people to seek treatment. With the increase in drug abuse, 42 CFR Part 2 has become a hotly debated topic. More recently, the Substance Abuse and Mental Health Services Administration (SAMHSA) has introduced updated provisions that have led Part 2 clinics to review their agreements with outside agencies. A QSOA is a bilateral agreement between a Part 2 program and the entity that provides the service, in this case the child care provider. The QSOA authorizes communication between these two parties, but the Part 2 program should only provide the QSO with the information necessary to enable QSO to perform its tasks under the QSOA. In addition, the QSOA does not authorize an OQ to disclose information to third parties, unless that third party is a contract agent of the SQO and assists in providing services described in the QSOA, and only as long as the agent only transmits the information to the QSO or the Part 2 program from which the information originates.
For more information, see FAQ 10 of the 2010 faQs, published by SAMHSA and the ONC, at: Application of substance abuse privacy rules to the exchange of health information (PDF | 381 KB). There are certain necessary elements of an BAA, such as 1) the definition of uses and returns of PPH authorized and necessary by the counterparty; 2) provide that the counterparty will not use or disclose the information, except as required by the BAA or any other legal obligation; and 3) require the counterparty to put in place appropriate security measures to prevent the unauthorized use or disclosure of PPHs. [vi] There are additional best practices that can be recommended by your legal advisor to manage an insured company`s relationship with its business partners, such as the inclusion of a disclaimer in the Agency`s relationship and the recommendation of a language that the agreement is not intended to be used by third parties. Covered companies are required to obtain certain assurances from partner organizations (for example. B partners such as ScanSTAT) who create, receive, maintain or transmit protected health information online (PHI) for patients regarding the uses and disclosures of PHI. However, the type of service provided by the unit covered to its patients controls the type of agreement that must exist between the covered unit and the other party.