Are you ready for modifications to HIPAA? We can help.
Where Should We Send Your Cheat Sheet?
Enter your details and we will email it to you!
And these changes may impact you even if you do not offer substance use disorder services! HIPAAtrek is here to help you navigate these changes and achieve compliance under 42 CFR Part 2—even if it’s new to your organization.
The Substance Abuse and Mental Health Services Administration (SAMHSA) has stated that 42 CFR Part 2 is changing in order to:
According to SAMHSA, Substance Use Disorders are the number one cause of accidental death in the United States. These regulations are intended to streamline access to treatment while protecting data to ensure individuals can access life-saving care without concern about records disclosure.
The 42 CFR Part 2 NPRM was published to the Federal Registry Feb 16, 2024. Even if you haven’t had to comply with Part 2 in the past, you will likely need to comply now.
The largest change with implications for your compliance is the expanded definition of a lawful holder.
What is a lawful holder? A lawful holder is now defined as a hospital, clinic, or other provider that receives records from a Substance Use Disorder (SUD) treatment facility or provider. If you have any health information that was sent to you from another lawful holder or a Part 2 program, you will be considered a lawful holder.
All records received by a lawful holder from a SUD program are subject to 42 CFR Part 2 and the lawful holder must have policies and procedures in place to protect those records.
If your policies, procedures, and BAAs are not currently compliant with 42 CFR Part 2, you will have 180 days to comply with these regulations, or risk monetary penalties. Though the purpose of these changes is to align HIPAA and Part 2, these regulations still have different requirements. Complying with HIPAA and your state regulations does not mean you are in compliance with 42 CFR Part 2.
Plan for the identification, creation, editing, approval, and finalization of new policies and procedures. HIPAAtrek clients already have access to policy templates compliant with 42 CFR Part 2.
Vendors that will have access to Part 2 data require a new contract or Business Associate Agreement that is compliant with 42 CFR Part 2.
The larger your organization is, the more staff education and training it will take to change habits, routines, and workflows to create compliance in action.
HIPAAtrek was built by HIPAA compliance experts who have been in your shoes, so we know how challenging sweeping changes to HIPAA can be. HIPAAtrek already supports compliance with 42 CFR Part 2, and we can help even if you are a new lawful holder.
We work diligently to support our clients through changing regulations with:
There’s never been a better time to join HIPAAtrek. Register for a demo now and a member of our team will reach out with more information:
Know where your compliance program stands, so you can build on a strong foundation once the changes are finalized.
Understand the specifics of these changes and begin preparations by identifying policies and BAAs that will require updates.
Create buy-in among the C-suite, sharing your action plan and budget proactively.
We made you a free cheat sheet to guide your compliance as regulations change.