HIPAA vs SAMHSA (42 CFR Part 2)
Brian L Tuttle, CPHIT, CHP, CHA, CBRA, CISSP, CCNA
Brian L Tuttle is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified HIPAA Administrator (CHA), Certified Business Resilience Auditor (CBRA), Certified Information Systems Security Professional (CISSP) with over 18 years’ experience in Health IT and Compliance Consulting. With vast experience in health IT systems (i.e. practice management, EHR systems, imaging, transcription, medical messaging, etc.) as well as over 18 years’ experience in standard Health IT with multiple certifications and hands-on knowledge, Brian serves as compliance consultant and has conducted onsite and remote risk assessments for over 1000 medical practices, hospitals, health departments, insurance plans, and business associates throughout the United States.
In addition, Mr. Tuttle has served in multiple litigated court cases serving as an expert witness offering input related to best practices and requirements for securing and providing patient access to protected health information. Mr. Tuttle has also worked directly with the Office of Civil Rights (OCR) both in defending covered entities and business associates as well as being asked by the Federal government to audit covered entities and business associates on behalf of the OCR. Almost all of Brian’s clients are earned by referral with little or no advertising. Brian is well known and highly regarded in medical circles throughout the United States for his quality work and down-home southern charm.
Mr. Tuttle has a Master’s Degree in Health Sciences from Georgia State University and works nationally out of Kennesaw, GA with his wife Tiffany and two rescue dogs Willie and Butter Bean.
This lesson addresses how practice/business managers (or compliance officers) need to ensure their organization complies with the Federal Substance Abuse and Mental Health Services Administration (SAMHSA) regulations (42 CFR Part 2) and how these differ from the HIPAA (Health Insurance Portability and Accountability Act) Privacy and Security Regulations. Both regulations carry significant civil and even criminal penalties if not complied with. Both regulations are now being enforced proactively by the Federal government. Non-compliance with either regulation can also lead to catastrophic legal consequences under state laws of negligence and invasion of privacy.
This lesson will cover the latest SAMHSA and HIPAA updates, which were released in January 2018 and December 2017 respectively, and also cover multiple scenarios and FAQs relating to substance abuse records, mental health records, and alcohol abuse records, and the proper ways to secure and/or release this information. The lesson will also present a comparative overview of SAMHSA and the HIPAA laws relating to protected health information in general.
- Updates for 2018
- What is SAMHSA
- What is HIPAA
- Portable devices
- When and how records can be released
- Proper Documentation Required
- Enforcement of the Law
- SAMHSA vs. HIPAA (specific scenarios)
- Who must comply
- Best Practices
Who Should Attend
- Practice managers
- Any business associates who work with mental health records, substance abuse records, or alcohol abuse records (e.g. billing companies, transcription companies, IT companies, answering services, home health, coders, attorneys, etc.)
- MDs and other medical professionals
The Substance Abuse and Mental Health Services Administration (SAMHSA)
is the agency within the U.S. Department of Health and Human Services
that leads public health efforts to advance the behavioral health of the
nation. SAMHSA's mission is to reduce the impact of substance abuse and
mental illness on America's communities.
- Are you clear on the differences between HIPAA and SAMHSA? There are some small but extremely significant differences between the two regulations that must be addressed.
- Is your organization working with substance abuse records or mental health records?
- Are you aware of the strict federal regulations related to this type of sensitive information?
- Are you aware of the ramifications of non-compliance for both HIPAA and SAMHSA?