0. Advocacy Graphic


Confidentiality of Patient Records and Protections Against Discrimination

Adoption Date:
July 1, 2010

**Note: This historical policy statement is available as part of ASAM's Policy Archives, but it is no longer considered current ASAM policy. Please contact ASAM's advocacy staff at advocacy@asam.org for questions related to ASAM's position on this topic.

Confidentiality of Patient Records and Protections Against Discrimination: A Joint Statement by the American Society of Addiction Medicine, American Academy of Addiction Psychiatry, American Osteopathic Academy of Addiction Medicine and the Association for Medical Education and Research on Substance Abuse (formerly Public Policy Statement on Confidentiality of Patient Records)



The patient-physician relationship is the foundation of medical care and is often considered a sacred trust. The uniqueness of this relationship derives from the mutual understanding that the encounter is confidential; that what is said by each party is kept private from all others except for a lifting of confidentiality specifically approved by the patient. Confidentiality is required by professional ethical standards, by medical practice acts, and by federal and state law. Exceptions can be made only in specific instances. Examples include: information in medical emergencies, for the reporting of suspected child abuse and neglect, and in the case of threats to harm to others.

The privacy of medical records documenting addiction treatment is especially important. Confidentiality is the fundamental requirement for the establishment of trust when the most private details of a person’s life are revealed. Activities of addiction treatment providers are addressed by laws which recognize that these special therapeutic relationships should be protected by the strictest expectations of confidentiality. Chapter 42 of the Code of Federal Regulations, Part 2, (42 CFR Part 2) is the statute in federal law that requires that documents of addiction treatment be held to higher standards of confidentiality than even psychiatric records, and far higher than records of general medical encounters.

The delivery of American health care today is increasingly focused on integration of medical services offered by different providers; disease management of chronic conditions (including coordination of pharmacological treatments); and recognition that the patients with the greatest needs (those with multiple chronic conditions) are often associated with some of the highest costs in the health care delivery system. High quality chronic disease management of addiction in primary care settings, and early recognition of substance use disorders in various medical settings through the principles of Screening, Brief Intervention, and Referral to Treatment, require that there be dynamic interplay between providers of addiction services and other health care providers.

Recognition of the need for generalist physicians—those who do not specialize in addiction medicine—to become an indispensible part of the health care team meeting the needs of persons with substance related health conditions, requires newer thinking about these complex topics. With the increase in pharmacological therapies that can be prescribed by physicians specializing in addictions treatment and by non-addictionists alike, and the potential for drug-drug interactions between these agents and other agents that a physician may consider prescribing in an emergency medicine, primary care or other practice setting, it is imperative that all physicians who encounter a patient be able to know the full list of medications a patient is taking.

Prescription drug monitoring programs can assist with such knowledge. With the need for clinicians in integrated primary care settings, for example, patient-centered medical homes, to meet the clinical needs of persons with addiction and other substance-related conditions, it is important that documentation of their activities on the patient’s behalf not face constraints that would discourage them from identifying and taking responsibility for managing those conditions.

Increasingly, healthcare providers and health delivery systems rely on electronic health records (EHR) and electronic exchange of health information to facilitate the sharing of vital health information among different providers, treatment settings and insurers. Within an EHR, physicians and other professionals from a range of disciplines can coordinate their efforts, reduce duplication of services through pulling together all data into a single repository, and thus allow for reduction in medical errors and an overall improvement in quality of services and in clinical outcomes. However, the advent of EHR presents new challenges to addiction professionals who both want the best overall care for their patients and the utmost of privacy from those who would discriminate against them based on their health condition.

Therefore, the undersigned Organizations recommend the following general principles of confidentiality applicable to health records of patients receiving addiction treatment:

1. In general, the patient’s personal health information should be available to parties providing health care services to the patient, and not to other parties; but, within the health care delivery system, free exchange of basic health information, including via sharing of electronic health records or via the placement of basic health information into an electronic health information exchange, should be permitted by the patient’s initial consent for treatment.
The basic principle of confidentiality of personal health information is that, to the greatest extent possible, control of personal medical information should be in the hands of the patient. Nonetheless, when patients receive health services, including mental health and substance use disorder services, their agreement to begin treatment should include their written consent that certain identifiable health information will be shared with other health professionals. Disclosures of information from the medical record should contain only the information needed for the intended purpose. This would include:
a) Basic health information--such as their diagnoses, the name of their treatment provider, the dates of service, medications prescribed, laboratory and other diagnostic test results, and their treatment status--which should be shared with other health professionals providing them preventive, diagnostic, therapeutic or palliative care services.
Such disclosures from a patient’s personal health record should be limited to basic health information: psychotherapy or counseling notes should only be released with specific written consent, and are understood to not be covered under the release to other health care providers of basic health information.
b) Encounter information--including their diagnoses, the name of their treatment provider, the type of procedure/service provided, dates of service, and fee charged--released for the purposes of insurance claims payments with third party payors and their agents. Although an agreement to undergo treatment is normally accompanied by a consent to release medical information to relevant third party payors, such a requirement does not apply to patients who self-pay for their treatment.
c) Release of medical information, by health care providers, to related business entities such as third party payors of insurance claims, pharmacies, quality assurance organizations, managed care intermediaries, disease and treatment registries, vendors of electronic health record services for the clinical entity where the health record was generated, through qualified service provider agreements.
d) Patients who exercise an option to not allow even basic health information to be shared and exchanged among other health providers should be educated about the implications for the quality of the health care services they may receive, and thus the potential detriments to their own health care outcomes and health status, when they decline to sign the consent. Physicians and other health care providers should have the right to decline to enter into a non-emergent patient-clinician relationship with persons who decline to allow the sharing of basic health information with other health care providers.

2. An additional basic principle of confidentiality is that personal health information should not be released outside of the health care system without the explicit written consent of the patient.
a) In such cases, signed authorizations for release of health information should specify the party to receive the information, the type of information to be released from the individual’s personal health record, the purpose of the release, the time frame during which health services were provided that is covered by the release, and the time period over which the information can be released.
b) The release should only be to the specified party, and any secondary release of the information by that party should be explicitly prohibited.
c) Release of medical information (with the patient’s consent in order to obtain insurance benefits), whether public or private, should not be shared with other government or commercial entities without further consent. This includes non-healthcare divisions or parent organizations of commercial entities involved in healthcare service delivery, insurance, case management, and utilization management. No related business entity should be allowed to share or secondarily release any personally identifiable health information. (As an example, a life insurance division should not be allowed to have access to medical information obtained by the health insurance division of the same company).
d) Specific signed consents should be required for release of any personal health information to entities outside of the health-care delivery system, such as employers, social service and child protection agencies, housing agencies, educational and financial institutions, legislators or other public officials, judges, prosecutors, police or other legal investigators, or institutional or community corrections officials, even in response to subpoenas, as stipulated in 42 CFR Part 2.
e) Thus, access to information from the personal health records of individual patients to law enforcement and other government agencies seeking information without patient consent should be denied unless a specific court order, as specified by 42 CFR Part 2, has been granted. Such court orders should be reserved for cases involving serious crime, and in which the information sought is not available from other sources.

3. Any access to health information obtained in the course of facility inspections and quality assurance activities should be handled only by individuals and entities that agree in writing to avoid any secondary release of this information, and to store and analyze data from health records of patients only after patient identifiers have been removed from the files. Health information used for research purposes should not be subject to secondary release of personally identifiable data except as allowable under Federal research regulations.

4. Information submitted to prescription drug monitoring programs should be accessible by pharmacists, physicians, and other licensed independent healthcare providers with prescribing authority, as well as by public health officials, but not by persons outside the healthcare or public health system.

5. Penalties for unauthorized release and use of confidential medical information should be severe. Unauthorized release and use of confidential medical information may include:
a) Release of health information by health care providers to parties outside of the healthcare delivery system except as required by law or with patient consent.
b) Receipt and subsequent secondary release, by any individual or entity outside of the healthcare delivery system, of health information about an individual to another party without the signed consent of the patient or the patient’s legal agent or guardian.
c) Receipt of health information and subsequent discrimination against an individual in matters such as employment, housing, student status or student loans, based on knowledge of the person having a health condition or having received health care services for that health condition.

6. Health care professionals are bound by ethical standards to not discriminate against patients and to offer care equally to all. Health care professionals, including physicians, pharmacists, and others who receive basic health information through a health information exchange or a shared electronic health record, should not use this information to discriminate against patients regarding their quality and access to care. Professionals who discriminate against patients or prospective patients on the basis of such personal health information should be subject to professional and legal sanctions.

7. Health insurers should not deny payment of claims for health services based on knowledge of a patient’s health conditions such as substance use and addiction, mental disorders, genetic conditions, and information about infectious diseases such as hepatitis, human immunodeficiency virus infection, and sexually transmitted diseases.