Upload
others
View
1
Download
0
Embed Size (px)
Citation preview
1
PATIENTS WITH CONCURRENT MENTAL HEALTH, SUBSTANCE ABUSE,
AND GENERAL MEDICAL ILLNESSES:
CHALLENGES TO BREAKING DOWN INFORMATIONAL SILOS
Natalie S. Schwartz, M.D.
MED INF 407: Legal, Ethical, and Social Issues in Medical Informatics
Final Research Paper
August 2009
2
The Burden of Co-Existing Mental Health Problems and Substance Abuse
Disorders in the United States
Danny Watt seemed to be a normal, happy 8 year old boy who enjoyed playing
the guitar. But, at age 12, he began a long slide into drug and alcohol abuse. He was 16
when he entered his first inpatient alcohol rehabilitation program, admitting to drinking
large amounts of beer, smoking marijuana on a daily basis, snorting cocaine, and taking
“unidentified pills”. At age 18, after multiple drug overdoses, he was diagnosed with
manic depression. Soon afterwards, he started having delusions and was given a second
psychiatric diagnosis of schizophrenia. Danny‟s parents refinanced their house three
times to put Danny into every substance abuse and mental health program they could
find. Eventually, he was charged with reckless driving, petty larceny, public drunkenness,
and drug possession. He once leapt from a moving train. He overdosed, swallowed rat
poison, and tried to hang himself. In February 2007, Danny was hospitalized for several
months and given the diagnoses of schizoaffective disorder, bipolar type and poly-
substance abuse. In April 2007, Danny was released, despite his parents‟ pleas to place
him in a more intensive, locked psychiatric facility. He was subsequently arrested for
reckless driving, but a six month jail sentence was suspended in exchange for him
entering a substance abuse treatment program. He violated the conditions of his
suspended sentence and was, therefore, not eligible for public services. On April 3, 2008,
he showed up at his parents‟ home crying uncontrollably. Eleven days later, his body
was pulled out of a canal near Georgetown University. The medical examiner ruled the
death as suicide. (Washington Post 2009)
The statistics in this country are staggering. About 30% of adults in the United
States will experience a mental health or substance abuse disorder over a twelve month
period. (Coffey et al 2008) Over the same time period, the U.S. Substance Abuse and
3
Mental Health Services Administration (SAMHSA) reports that almost 10 million
Americans will have a combination of at least one mental health and one substance abuse
disorder. Mental health (MH) diagnoses include such illnesses as depression, anxiety,
post-traumatic stress disorder, eating disorders, schizophrenia, and bipolar illness.
Substance abuse (SA) encompasses substance use along a continuum from abuse to
dependence to addiction. (SAMHSA). The term, “dual diagnosis” commonly refers to
patients with both severe mental illness and a drug or alcohol abuse disorder. In fact,
approximately 50% of patients with severe mental illness also have a substance abuse
disorder. (Coffey et al 2008) To further complicate the picture, adults with severe
mental health problems suffer a higher burden of chronic medical illnesses than the
general population (e.g. hypertension, HIV/AIDS, and diabetes), often as a result of
socioeconomic factors, concurrent substance abuse, medication side effects, and
unhealthy lifestyle behaviors. Dual diagnosis is associated with higher rates of relapse,
hospitalization, incarceration, homelessness, and serious infections, such as hepatitis and
HIV/AIDS. (http://www.dhs.iowa.gov/mhdd/docs/CD-2-6.ppt#324) These medical co-
morbidities lead to further mental health decline and a downward spiral of functional
status. (Horvitz-Lennon et al. 2006)
Treatment Silos for Patients with Dual Diagnosis:
“Despite almost twenty years of evidence regarding the prevalence and serious
illnesses of people with dual diagnoses, the United States mental health and substance
abuse systems continue to operate on parallel tracks, causing additional confusion to
those with concurrent disorders. In fact, for many people with dual diagnoses, the
criminal justice system is their de facto treatment system.”
4
(http://www.dhs.iowa.gov/mhdd/docs/CD-2-6.ppt#324) “What compounds the problem
for those seeking help for dual diagnosis is a medical delivery system separated into two,
sometimes competing, „silos‟ of care. If you show up for treatment for substance abuse
you may have one set of providers. Mental illness is treated by an entirely different
group, without coordination or communication, except at the most superficial level,
between the two.” (Tucson Weekly 2001) Refusal to combine services to provide
coordinated treatment has meant unnecessary suffering and expense for thousands of
patients and their families. (Burnam et al 2006)
One of the impediments to integrating MH and SA services is the treatment
philosophy differences between their workforces. Mental health service providers are
largely professionals with formal training, licenses, and credentialing within departments
of psychiatry, psychology, and social work. In contrast, the substance abuse treatment
workforce generally consists of counselors with “experience-based, rather than formal
training.” (Burnam et al 2006)
Research has shown that integrated treatment strategies which 1) approach
recovery in stages, 2) use motivational interventions and counseling, 3) emphasize social
support, 4) view recovery as a long-term, community-based process, 4) is comprehensive
(considers job placement and housing needs), and 5) is culturally competent and
sensitive, lead to improved patient compliance and better treatment outcomes (National
Alliance on Mental Illness 2009).
Administrative and Informational Silos for Patients with Dual Diagnosis:
These dual silos of care for mental health illnesses and substance abuse disorders
have had significant repercussions on patient management and payment issues. Since
5
private payers have traditionally paid at a higher rate for substance abuse treatment than
they do for psychiatric treatment, most private patients have received suboptimal
psychiatric management. “When the private system doesn‟t adequately care for people
with co-occurring disorders, they will eventually lose enough of their assets to qualify for
public care, says Joan McNamara of Compass Healthcare, and that constitutes cost
shifting into a public system which is already overburdened and under-funded.” (Tucson
Weekly 2001)
State, county, and local government agencies are primarily responsible for, and/or
direct, the many health-related services provided for dual diagnosis patients, many of
which receive federal funding. Medicaid is the primary source of federal revenue for
mental health services. In most states, state MH resources are targeted to those with
severe mental health disorders and the Medicaid eligible. And patients with severe
mental health illnesses are generally eligible for Supplemental Security Income (SSI)
through Medicaid because of their disability. State mental health budgets are used to
provide the state match to Medicaid, so they are largely driven by Medicaid policy and
regulations. In contrast, Medicaid pays for only 15% of substance abuse treatment. SA
is not a qualification for disability or Medicaid eligibility and many SA patients are not
eligible for TANF (Temporary Assistance for needy families) and associated Medicaid,
because they do not have dependent children. Furthermore, most state SA treatment
programs have tight funding and are not licensed or credentialed to provide MH services.
“As a result of Medicaid eligibility criteria, distinctive mental health and substance abuse
Medicaid benefits, and categorical block-grant funding, commingling of MH and SA
funds is virtually impossible, and blending of funds is a challenge” (Burnam et al 2006)
6
A unique feature of MH/SA care is that patients are routinely identified and
referred into the MH/SA system by agencies or organizations not part of the traditional
health care system, e.g. schools, employers, welfare, or the justice system. The same
patient may be treated by one state-funded mental health agency, a second state-funded
substance abuse agency, as well as a third privately-funded or Medicaid-funded general
medical health provider. The patient may then need other publicly funded social
services, such as job training, employment assistance, housing support, income
maintenance programs, foster care evaluation, and criminal justice follow-up. “The
overlap in public program services for clients with multiple needs leaves States with an
acute need for cross-program data at the person-level.” (SAMHSA 2007). But, due to
different federal funding streams and treatment philosophies, “states have evolved
distinctive administrative structures for MH and SA services…[which] involve separate
state-level leadership, separate licensing and quality assurance standards for provider
agencies, and separate management information systems to support reimbursement of
services and accountability…distinctive financing and regulatory environments create
challenges to unified approaches to the delivery of services even when a single state
agency is in charge.” (Burnam et al 2006) An unfortunate result of the treatment silo
system of MH and SA care is an “information silo problem”- multiple and fragmented
systems of data reporting; no information sharing on the same individual across programs
and providers for coordination of care; inadequate information for policy analysis and
effectiveness research; and difficult, if not impossible, information sharing within State
and beyond for joint program planning”. (SAMHSA 2007) Data collection within each
program is developed to address the requirements of the funders of each program, not the
the broader scope of clinical, quality improvement, or research needs of this patient
7
sector. (Burnam et al 2006) Data across the MH, SA, and Medicaid public programs
have revealed duplication of services, as well as duplicated costs and payments. (Coffey
et al 2008) Separate management information systems even make it difficult to know the
percent of MH patients with SA disorders or the percent of SA patients who receive MH
treatment. (Burnam et al 2006)
To overcome some of the silo problems described above, some states have
developed financing strategies to support dual diagnosis treatment integrated at the state
provider agency level, including “crossover funding”. (Burnam et al 2006) Some states
have made Medicaid funding more flexible, so special billing codes and service
definitions will cover co-occurring disorders. For example, state Medicaid programs in
Arizona have contracted with managed care organizations vendors to fund both MH and
SA services. Other states like Connecticut have modified licensing regulations so that
MH and SA treatment provider agencies can be cross-licensed. Arizona requires MH and
SA provider agencies to be “dual-diagnosis enhanced” or “capable” so that they can link
complementary services outside their agency (Burnam et al.2006). Standardized intake
protocols documenting co-occurring diseases, developing common service definitions,
and coding that allows “comparisons across systems and data elements that specifically
identify integrated co-occurring disorders services” are attempts at more integrated dual
diagnosis treatment. (Burnam et al. 2006)
Call for Informational Exchange in the Care of Patients with Dual Diagnosis:
The Institute of Medicine (IOM) report, Improving the Quality of Health Care for
Mental and Substance-Use Conditions, recognized that the mass of disconnected delivery
arrangements in MH and SA systems requires special care coordination and care
8
integration. According to „The President‟s New Freedom Commission on Mental Health‟
(2003) “consumers often feel overwhelmed and bewildered when they must access and
integrate mental health care and related services across multiple, disconnected providers
in the public and private sectors”. Furthermore, there is a lack of agreement about which
entity or entities should be held accountable for coordinating care. (IOM 2006) IOM has
formally called for changes in the healthcare system and the collection of data to measure
treatment outcomes in this dual diagnosis patient population. It has highlighted how MH
and SA services have lagged behind general health care services in adopting information
technology to support evidence-based treatment initiatives. (Coffey et al 2008)
Specifically, it has called upon informaticists to create patient-centered information
systems and interoperability between the information systems of Medicaid and State
mental health and substance abuse treatment programs to “satisfy different reporting
requirements and address new issues seamlessly.” (SAMHSA 2007)
A SAMHSA-sponsored project, The Integrated Database Project, revealed that
existing public programs used different concepts and data elements, incompatible
definitions for the same data elements, local coding schemes for concepts, had varying
record-keeping practices, and missing clinical elements. Subsequently, SAMHSA and
the Center for Medicaid and Medicare Services (CMS) are collaborating to promote
integration among Medicaid data systems, state mental health data systems, and state
substance abuse data systems using the Medicaid Information Technology Architecture
(MITA). (Coffey et al. 2008) The primary goal of MITA is to be „patient/consumer-
centric‟ and unconstrained by organizational silos; to collect information on Medicaid
beneficiaries from sources within and outside the Medicaid agency for purposes of
analyzing healthcare outcomes. Secondly, MITA seeks to ensure that all future Medicaid
9
systems are built according to national data and technical standards for interoperability,
to drive down administrative costs. Third, MITA encourages transparency across
Medicaid beneficiaries, care providers, and program administrators in terms of quality
standards, price standards, and interoperability of health systems. (Bazemore et al 2007)
Some states have also begun entering their siloed MH and Medicaid data into data
warehouses (but not SA data), while others are linking and de-identifying data for
research initiatives. “Efforts to build integrated databases from separate information
systems, at the back-end, after the data systems have been established independently of
each other…have been very difficult, expensive, and disappointing. The solution…is
front-end database development- compatible foundations of patient-centered reporting,
common definitions, identical codes, standard messaging, open-source architecture,
agreed upon privacy policies and security protections, and data sharing rules, among
other dimensions.” (Coffey et al 2007)
There are many barriers to creating integrated MH, SA, and general medical
systems, which must address 1) integrated patient treatment (across all providers of
MH/SA/ medical services), 2) integrated programs (proper staff or linkages with other
programs to address all of a client‟s needs), and 3) integrated systems (an organizational
structure that supports different patient programs through funding, credentialing/
licensing, data collection/reporting, needs assessment, planning, and other system
planning and operation functions). (IOM 2006) The focus of this paper, however, will be
on the current privacy safeguards, relating specifically to mental health and substance
abuse health care information, which may need to be reexamined in order to achieve
these goals.
10
Privacy Law Barriers to Data Exchange in the Care of Patients with Dual Diagnosis:
Current constraints on information exchange are imposed by four bodies of law,
1) federal Health Insurance Portability and Accountability Act (HIPAA) regulations, 2)
individual state privacy laws and regulations, 3) individual state statutes governing the
privacy of mental health medical records, and 4) the federal statute governing
confidentiality of substance abuse records. (Jost 2006)
In 1996, Congress passed The Health Insurance Portability and Accountability
Act (HIPAA), Public Law 104-191 and gave the Center for Medicare and Medicaid
(CMS) three years to enact comprehensive regulations to govern how the HIPAA law
would be implemented. Specifically, it required CMS to implement national standards to
protect the privacy of individually identifiable health information that was transmitted
electronically. CMS missed the three year deadline. It published a Final Privacy
Regulation, to implement the privacy provisions of HIPAA on December 28, 2000.
Modifications were made and re-published on August 14, 2002. Covered entities were
mandated to be in compliance with the amended regulation by April 14, 2003. The final
HIPAA rules at 45 C.F.R. § 164.502 (1a) addresses “covered entities”, which are defined
as health care providers, health plans, healthcare clearinghouses, and “business
associates” of covered entities. It directs those covered entities to not use or disclose
protected health information (PHI), in whatever form (electronic, paper, or verbal),
except under 6 conditions. These conditions are for 1) treatment, 2) payment and 3)
healthcare operations (collectively termed “TPO”), 4) by operation of law (subpoena,
court order, or public health), 5) if the covered entity obtains written patient
authorization, and 6) if there is a waiver of patient authorization from an IRB or Privacy
Committee. Expanding on the “TPO” exception, PHI can be used and disclosed for
11
purposes of treatment by attending physicians, consultants and other healthcare providers,
to process payment claims and insurance premiums, for quality assessment and
improvement activities, case management and care coordination, for public health
activities, for competency assurance activities, performance evaluation, credentialing,
accreditation, conducting/ arranging medical reviews, audits, legal services, fraud and
abuse detection, compliance programs, insurance functions (i.e. underwriting, risk rating,
and reinsuring risk), business planning, development, management, and administration,
and general administration activities. Covered entities must make reasonable efforts to
use or disclose the “minimum amount of necessary health information” to achieve its
purpose. Assuming that reasonable standards of care and safeguards are maintained,
incidental uses and disclosures of PHI are not viewed as violations of the Privacy Rule.
(Lindgren 2009)
A key exception to the Privacy Rule‟s permission to share treatment information
is included under 45 C.F.R. § 164.508 (2a). It carves out psychotherapy notes as a
special form of treatment information that may only be disclosed with patient
authorization, “except insofar as they are used by the originator of the notes or for a
covered entity‟s supervised mental health education and training purposes” (Jost 2006)
“Psychotherapy notes” means any notes (verbal, electronic, paper) by a mental health
provider “documenting or analyzing the contents of a conversation during a private
counseling session or a group, joint, or family counseling session and that are separated
from the rest of the individual‟s medical records.” (Jost 2006) They do not include
medication prescribing or monitoring, types of treatments used or frequency of
treatments, results of clinical tests, and any summary of the following items: diagnosis,
functional status, the treatment plan, symptoms, prognosis, and progress to date (45
12
C.F.R. § 164.501) Authorization to release psychotherapy notes is an especially rigorous
process, according to 45 C.F.R.§ 164.508 (c). The authorization must detail the exact
information to be disclosed, the identity of the person or class of persons who may
disclose the information and to whom the information may be disclosed, a description of
the purpose of the disclosure, an expiration for the authorization, and the signature of the
person authorizing the disclosure. Furthermore, under 45 C.F.R. § 164.508(b) and (c),
the individual who signs the authorization may revoke it at any time, a provider cannot
condition treatment on the patient‟s willingness to provide authorization, and an
authorization for release of psychotherapy notes must be maintained as a separate and
independent document. (Jost 2006) Each of the 50 states, as well as the District of
Columbia, has a number of statutes governing medical record confidentiality. In
reconciling federal and state regulations, the federal Privacy Rule provides for
preemption by those state laws which are “more stringent” than the privacy rule. “More
stringent” means that these state laws would prohibit or restrict a use or disclosure of PHI
that would be permitted under the federal Privacy Rule (45 C.F.R. § 160.203 (b)).
The legal barriers to database interoperability are further complicated by
individual state statutes specifically governing the privacy of mental health medical
records. Many states have laws governing records of patients in state mental hospitals or
mental health programs (e.g. Idaho and New York). Some states have laws governing the
records of specific mental health practitioners, including psychologists, social workers,
and counselors. In Massachusetts, the records of psychologists are confidential and no
exceptions are made for sharing of information for treatment (Mass. Gen. Laws.ch. 112 §
129A). Missouri law (Mo. Rev.Stat § 337.636) and Wyoming law (Wyo.Stat.Ann. § 33-
38-109) both apply similar restrictions for sharing of information for treatment to
13
psychologists, social workers, and professional counselors. Nebraska law (Neb.Rev.Stat§
71-1,335(1)) imposes an “absolute obligation of confidentiality on mental health
practitioners, but allows the Board of Mental Health Practice to define regulatory
exceptions. (Jost 2006) Some states, moreover, have specific statutes governing the
records of patients involuntarily committed to mental institutions (e.g. Idaho, Nebraska,
and Washington State), often with provisions that permit sharing information for the
purpose of mandating outpatient treatment. Lastly, most states have statutes that
generally govern the records of all mental patients. Such examples of strict state
mandates for mental health providers to protect patient mental health records create real
barriers for the broader concept of data-sharing and the creation of interoperable data
systems. (Jost 2006)
Since the 1970‟s, the Congress recognized that people would not enter substance
abuse treatment programs if they were subject to stigma or feared prosecution, and
subsequently enacted legislation protecting their rights to confidentiality (42 C.F.R. Part
2, or simply, Part 2) (SAMHSA 2004) Health information regarding substance abuse is
independently governed by this federal substance abuse treatment confidentiality law, 42
U.S.C. § 290dd-2. The law applies to any facility receiving federal funds for any
purpose, including Medicare or Medicaid reimbursement. It provides that “records of the
identity, diagnosis, prognosis, or treatment of any patient which are maintained in
connection with the performance of any program or activity relating to substance abuse
education, prevention, training, treatment, rehabilitation, or research, which is conducted,
regulated, or directly or indirectly assisted by any department or agency of the United
States shall be confidential and be disclosed only for the purposes and under the
circumstances expressly authorized under subsection (b) of section 42 U.S.C. § 290dd-
14
2a.” A statutory exception authorizes disclosure of information to medical personnel in a
“bona fide medical emergency”. Another exception is for communications of
information between or among personnel having a need for the information in connection
with their duties that arise out of the provision of diagnosis, treatment, or referral for
treatment of alcohol or drug abuse if the communications are within a program, or
between a program and an entity that has direct administrative control over the program
(42 C.F.R § 2.12 (c)(3)). There is also an exception for communications between a
program and a qualified service organization of information needed by the organization
to provide services to the program (42 C.F.R. § 2.12 (c)(4)). Such „qualified service
organizations‟ are defined as organizations that provide support services like billing and
data processing. (Jost 2006) Of course, substance abuse treatment information can be
disclosed with proper patient consent (42 C.F.R. § 2.33). A Part 2 consent form must be
written in plain language and include the name or general designation of the program or
person permitted to make the disclosure, the name or title of the individual or name of the
organization to which disclosure is to be made, the name of the patient, the purpose of the
disclosure, how much and what kind of information is to be disclosed, the signature of
the patient, the date on which consent is signed, a statement that the consent is subject to
revocation at any time, except to the extent that the program has already acted on it, and
the date, event, or condition upon which consent will expire if not previously revoked.
The consent form must also contain a statement not conditioning treatment on the
patient‟s willingness to authorize disclosure. Programs that disclose information via
consent must include a written statement that the information cannot be redisclosed. (42
C.F.R. § 2.32) (SAMHSA 2004) “Though the HIPAA privacy regulations do not
expressly address their relationship to the substance abuse confidentiality laws, the
15
preamble to the privacy regulations recognizes the constraints of the substance abuse
confidentiality law. It states that 1) in general, the privacy law and substance abuse law
do not conflict, and 2) wherever one is more protective of privacy than the other, the
more restrictive should govern (65 Fed.Reg.82462, 82482-82483)” (Jost 2006)
Substance abuse treatment programs must comply with Part 2, as well as the Privacy
Rule. They will continue to follow Part 2‟s general rule not to disclose information
unless they can obtain consent or point to a permissible exception. They must then
ensure that the disclosure is also permissible under the Privacy Rule (SAMHSA 2004)
Most states also have statutes that govern substance abuse records. Many are
similar to the federal law or refer back to the federal law. Some are less flexible than the
federal law, governing substance abuse counselors as licensed professionals who are
forbidden to disclose records without express content and with no treatment exception
(e.g. La.Rev.Stat.Ann. § 37:3390.4). Missouri law promises absolute confidentiality to
pregnant women for substance abuse treatment (Mo.Rev.Stat. § 191.731). New Jersey
law only permits disclosure of substance abuse records with a court order (N.J.Stat.Ann.
§ 26:2B-20). Other state statutes permit greater disclosure than the federal law, giving
sole discretion to the head of the treatment facility if that individual makes a written
determination that the disclosure is necessary for the treatment of the patient
(Kan.Stat.Ann. § 59-2979). Mississippi law allows disclosure without consent to
treatment personnel for purposes of patient treatment (Miss.Code.Ann § 41-30-33).
A state law preempts federal HIPAA regulations, as well as the federal substance abuse
confidentiality statue and regulations, when it is more protective of patient privacy. (Jost
2006).
16
To further complicate the regulatory environment of exchange of mental health
and substance abuse information, “regulations implementing HIPAA also permit health
care organizations to implement their own patient consent policies for the release of
patient information to other treating providers. As a result, health care organizations may
adopt more stringent privacy protections that require participating providers to adhere to
additional procedures before sharing patient information with other treatment providers
or organizations.” (IOM 2006)
Social and Ethical Challenges to Current Privacy Barriers:
Patients with dual diagnosis pose an excess burden on society. They are much
more likely than the general population or patients with single diagnoses of MH or SA to
be homeless or jailed. “An estimated 50% of homeless adults with serious mental
illnesses have a co-occurring substance abuse disorder…[and] 16% of jail and prison
inmates are estimated to have severe mental and substance abuse disorders. Of those
patients with co-occurring major mental illness and substance abuse, 31% committed at
least one violent act during the course of the year. (Institute of Medicine 2006). Just the
back-and-forth treatment alone currently given to non-violent persons with dual diagnosis
is costly…And violent or criminal consumers, no matter how unfairly afflicted, are
dangerous and also costly. Those with co-occurring disorders are at high risk to contract
AIDS, a disease that can affect society at large. Costs [to society] rise even higher when
these persons, as those with co-occurring disorders have been shown to do, recycle
through the healthcare and criminal justice systems again and again.” (National Alliance
on Mental Illness 2009) This societal burden, which includes criminal justice and
incarceration costs, violent crimes, homelessness, excessive use of emergency rooms for
17
routine medical care, and the public health risks and costs of treatment for communicable
diseases such as HIV, hepatitis, and tuberculosis, demands effective integrated treatment
for patients with dual diagnosis. Moral utilitarian arguments could also support the view
that the public welfare dictates interoperability of public MH and SA data systems for
purposes of individual client risk assessment, treatment, and monitoring, as well as for
research studies on populations, to measure treatment outcomes and health care costs.
In its 1996 decision (Jaffe v. Redmond), the U.S. Supreme Court wrote,
“The psychotherapist privilege serves the public interest by facilitating the provision of
appropriate treatment for individuals suffering the effects of a mental or emotional
problem. The mental health of our citizenry, no less than its physical health, is a public
good of transcendent importance.”(Surgeon General 2009)
Proposal for Legal Modifications of Privacy Laws for MH and SA Patient Health
Information:
Most stakeholders in the management of patients with dual diagnosis will
automatically invoke HIPAA as the major barrier for sharing necessary health
information. This is actually a common myth, since HIPAA permits disclosure of
individually identifiable health information (except psychotherapy notes) for purposes of
treatment, payment and health care operations- without patient consent- as a legal
exception to its privacy law. (Petrila 2007) It is, in fact, the more stringent federal and
state statutory and regulatory provisions governing the exchange of individually
identifiable MH and SA information that are the real obstacles to cross system
collaboration in this patient population. In order to achieve coordinated patient mental
health, substance abuse, and medical care, as well as public protections, a better balance
18
needs to be reached between protecting patient privacy and sharing patient health
information.
Changes in the health care industry have made state-by-state approaches to
confidentiality increasingly problematic. As discussed earlier, there are differences in
general privacy standards among states, between states and the federal government,
separate state standards for mental health information and federal standards for substance
abuse information. Within the same state there are a number of statutory provisions that
address the confidentiality of mental health information, including state mental health
law, judicial privilege statutes, laws applicable to licensed professionals, and various state
oversight laws. (Surgeon General 2009) Moreover, many states do not articulate
standards for client consent to disclosure. Access by other providers varies by state also.
“One expert described the current law governing the confidentiality of health care
information as a „crazy quilt of Federal and state constitutional, statutory, regulatory, and
case law that erodes personal privacy and forms a serious barrier to administrative
simplification”. (Surgeon General 2009)
The following discussion proposes revisions to existing health care law, state, and
federal regulations, and should be applied to all federally funded or assisted mental health
and substance abuse programs. Central to this discussion is the debate as to whether
certain types of health information really deserve greater legal protection than others in
this country and whether patients who receive public support should be allowed to
withhold health information that will impact public spending. These policy challenges
aim to create a better balance between the protections of the individual and the
protections of society.
19
First, the federal HIPAA privacy standard should cover both mental health
information and substance abuse information, individual state privacy law preemptions
should be eliminated, and the federal substance abuse confidentiality law (42 C.F.R Part
2) abolished. With these legal changes, both mental health and substance abuse personal
health information could be used and disclosed for purposes of treatment, payment, and
healthcare operations without specific patient authorization. This would include
treatment by physicians, physician extenders, certified or licensed substance abuse
counselors, social workers, and psychologists, payment claims and insurance premiums,
quality assessment and improvement activities, case management and care coordination,
public health needs, performance evaluation, credentialing, accreditation, medical
reviews, audits, legal services, fraud and abuse detection, compliance programs, business
planning and development, management and administration and general administration
activities. Safeguards, however, would obviously need to be heavily enforced, to ensure
that only the minimum amount of necessary health information is released to achieve
these activities.
Second, each state would need to create its own unified Office of Mental Health
and Substance Abuse (OMHSA), which would have direct administrative oversight of all
state-licensed mental health and substance abuse facilities (both outpatient and inpatient).
The OMSA would have responsibility for developing and maintaining 1) a federally
mandated regional provider electronic database, and 2) an interoperable payment and
health care operation database. The Office would also have responsibility for monitoring
audit trails on both databases and have the authority to impose civil and criminal
penalties for security breaches.
20
1. Federally Mandated Regional Provider Electronic Database:
A new federal law would require that all clients enrolling in federally assisted
mental health and substance abuse programs have a comprehensive intake assessment,
including a formal psychiatric evaluation, a full general medical examination, formal
drug screening, as well as an evaluation by a certified or licensed substance abuse
counselor. These evaluations would be performed by providers chosen personally by the
client (in the private or public sector) or, if the client elected, by providers assigned by
the intake facility (who may or may not be formally affiliated with the facility). Provider
names (psychiatrist/psychologist/social worker, physician, substance abuse counselor)
would be electronically stored for each client on a “provider list” within a regional mental
health electronic database, which would only be accessible to those treatment providers
on the “provider list”. All providers would need to enter the results of their intake
assessments onto formal templates, which would be stored within the database. These
provider templates could not be auto-generated with defaulted information, to prevent
unintended inaccuracies in provider entries. Electronic linkage to the Medicaid system
would bar provider service reimbursement until these intake assessments were fully
completed and authenticated by the provider. Similarly, no follow-up services by any
listed provider would be paid by public funds unless follow-up electronic treatment forms
were fully completed and provider authenticated. The regional electronic mental health
database, therefore, would serve as a provider-protected and confidential continuity
record of each client‟s psychiatric, substance abuse, and general medical care over time.
The regional provider database would need the following capabilities to reduce
the likelihood of falsification:
21
a) Access control functions: including user authentication, extensive privilege
assignment and control features,
b) Capability to attribute the entry, modification, or deletion of information to a
specific individual or subsystem.
c) Capability to log all activity
d) Capability to synchronize a common date and time across all components of the
system
e) Data entry editing with capability of verifying validity of all information on entry,
checking for duplication and conflicts, controlling and limiting automatic creation of
information or auto-population of information on provider templates. (AHIMA 2009)
The database would be secured with message-by-message encryption, digital
certificate authentication and digital signatures. State OMHSA‟s would be responsible
for vetting the licenses and credentials of all provider types and for setting policies and
procedures for all providers who receive password access. These policies would outline
system functionality, system security, legal and regulatory standards for use and
disclosure of sensitive PHI and use of electronic health records. All providers would be
required to sign formal electronic contracts confirming that they were sufficiently
educated regarding the above and that they understood these policies and procedures.
Signed contracts would be a requirement for public reimbursement of provider services.
Civil and possibly, criminal sanctions, would be imposed on providers who intentionally,
or unintentionally, allowed surrogates password access to the database.
The new privacy standard would permit disclosure of all mental health and
substance abuse information within the regional mental health electronic database to
22
outside treating health care providers not listed on the electronic “provider field”-without
specific patient authorization- i.e. for treatment purposes only. For instance, if a patient
in the database sought care from an outside provider, hospital, or facility, the newly
treating physician or substance abuse counselor could query the regional database for
mental health information and/or substance abuse information without the patient‟s
specific authorization. The new provider would be electronically logged into the system
and given password-protected access after appropriate system vetting of credentials,
licensure, provider education, and contract signature. The provider‟s name would be
added to the patient‟s electronic “provider list”. The patient would not have the right to
limit access by treating providers, but would have the right to request a list of providers
who have had access to his/her records.
The regional provider database would be monitored for abnormal patterns of
activity, including entries at unusual times, or unusual repetition of particular entries. As
required by the HIPAA Title II security rule CFR Part 136.316(b)(1), audit trails would
be maintained within the electronic database. Rigorous auditing procedures would be
monitored by State OMHSA‟s, to ensure that only authorized providers were using the
system. Furthermore, there would be system-generated warnings to State OMHSA‟s of
attempted unauthorized access. (AHIMA 2009). To prevent intentional or unintentional
disclosure of patient MH or SA information, the electronic medical record would not
allow patient health information to be printed out on paper. An exception would be
made, following written authentication procedures, for court subpoena of patient records.
23
2. An Interoperable Payment and Health Care Operation Database
A target date would be set for all federally funded or federally assisted mental
health and substance abuse programs to adopt a separate interoperable electronic health
information database to be used for all payment and health care operations permitted
under the HIPAA privacy rule exceptions. This front-end database development would
create compatible foundations of patient-centered reporting, common definitions,
identical codes, standard messaging, open-source architecture, agreed upon privacy
policies and security protections, and data sharing rules between federally funded
agencies. The database would have internal electronic safeguards and controls, and
password protections to ensure that users have limited access based upon the nature of
their responsibilities (i.e. “least privilege”), and that only the minimum amount of
necessary mental health/substance abuse health information would be shared for its
intended purpose. Non-disclosure agreements would be created with all recipient
agencies of individual patient mental health and substance abuse information. State
OMHSA‟s would regulate the database and perform regular and frequent monitoring of
audit trails. A description of the content of information disclosed, as well as the name of
the person authorizing the release of information, would be maintained in audit trails and
retained in audit logs, according to state and/or federal laws. The system would be
rigorously monitored for unusual patterns of activity, attempts at unauthorized access,
and spikes in the number of people accessing a particular patient‟s record. Anyone
compromising protected health information within the database or using such information
inappropriately would be subject to civil and criminal penalties. The new law governing
use and disclosure of mental health and substance abuse information would permit
patients to “opt out” of disclosure of sensitive mental health/ substance abuse information
24
to payers and third party reviewers; patients would not be refused mental health or
substance abuse care based on willingness to disclose sensitive personal health
information, but would not receive public funding for such services.
Some patients with dual diagnosis are currently protected by federal civil rights
laws, which prohibit discrimination in many areas of life against qualified “individuals
with disabilities”. Such patients are defined as having a current “physical or mental
impairment” that “substantially limits one or more of that person‟s major life activities,
such as caring for one‟s self, working, etc. Patients who have addictions which
“substantially limit major life activities” are also protected by federal non-discrimination
laws. (U.S.Department of Health and Human Services 2009). These laws include The
Americans with Disabilities Act (ADA), The Rehabilitation Act of 1973, The Fair
Housing Act (FHA), and The Workforce Investment Act (WIA). People who currently
use illegal drugs and people whose use of alcohol or drugs pose a “significant risk of
substantial harm to the health and safety of others” are not protected under these non-
discrimination laws. (U.S.Department of Health and Human Services 2009). Dual
diagnosis patients protected under non-discrimination laws, as well as those not protected
by these laws, commonly apply for employment, medical leave from employment, job
training, housing, and certain government services and programs, including educational
and training programs, welfare, child-care assistance, and student loans. However, for
those patients protected by non-discrimination laws, there may still be limits on public
eligibility because of personal drug use or drug-related criminal activity. For instance,
the Quality Housing and Work Responsibility Act requires public housing agencies,
Section 8, and other federally assisted housing providers to limit public housing to
anyone evicted because of drug-related criminal activity (possession or sale) for 3 years
25
after eviction, if a household member abuses drugs or alcohol in a manner “that may
interfere with the health, safety, or right to peaceful enjoyment of the premises by other
residents”, or if a household member has engaged in drug-related criminal activity within
“ a reasonable time of the application”. (U.S.Department of Health and Human Services
2009). The Federal Welfare Law (The Personal Responsibility and Work Opportunity
Act of 1996) imposes a “lifetime ban on Federal cash assistance and food stamps for
anyone convicted of a drug-related felony (possession or sale) after August 22, 1996.
Twelve states currently do not impose the ban and 21 others have modified bans,
allowing people who show they are getting rehabilitated, to become eligible again.
Furthermore, the Higher Education Act of 1998, makes “students convicted of drug
offenses (possession or sale) ineligible for federally funded student loans, grants, or work
assistance for different lengths of time depended on the type of offense and repeated
offenses”. (U.S.Department of Health and Human Services 2009). Currently, all states
must comply with this federal education law. Lastly, the Department of Transportation
Appropriation Amendment offers “federal financial incentives to State that agree to
revoke or suspend, for at least 6 months, the driver‟s license of anyone convicted of a
drug offense (drug-related driving offenses, drug possession or sale)” which many states
choose not to opt out of. (U.S.Department of Health and Human Services 2009). Clearly,
many public agencies rely on updated health information, regarding substance abuse and
mental health, to determine client eligibility for services. A new uniform federal law
must be enacted, with administrative oversight by state OMHSA‟s, to permit public
agencies access, via computer key, to a restricted layer of the electronic regional provider
database. This layer would contain the minimum amount of protected health information
for such public agencies to determine eligibility for services, including whether the client
26
is actively complying with both substance abuse rehabilitation services and psychiatric
monitoring, past and current criminal charges and penalties, and previous agency refusal
of services. All parties coming into possession of a client‟s protected health information
(psychiatric, substance abuse, and general health information), which include the above-
mentioned public agencies, as well as schools, correctional facilities, and child welfare/
foster care programs, would be required to sign non-disclosure agreements. Strong
firewall protections and electronic audit trails would need to be rigorously monitored by
state OMHSA for appropriateness, as well as for suspicious activity. State OMHSA‟s
would be mandated by federal law to impose criminal sanctions upon persons responsible
for privacy breaches of personal mental health and/or substance abuse information. In
addition, all these public agencies require some degree of informational exchange for the
purposes of patient treatment, payment, client evaluation, research, monitoring treatment
outcomes, quality assurance activities, and public health purposes. These agencies would
require limited access to the payment and healthcare operation database, which would
contain interoperable codes and terminology to permit seamless informational exchange.
All States currently have laws requiring substance abuse treatment programs to
report suspected child abuse and neglect. Is not the intention of the proposed revisions in
federal and state laws, described herein, to mandate reporting of patients who actively
seek treatment for their substance abuse problems. The revisions would continue to
protect patient confidentiality in these situations unless there was concern about danger of
harm to a child. Business agreements with public agencies, which would have computer
access to the interoperable electronic database, would need to include specific non-
disclosure statements preventing those agencies from disclosing mere substance abuse
information to criminal authorities, without appropriate evidence of harm to a child.
27
Furthermore, the dually diagnosed are at high risk of criminal activity. Compared
to offenders with mental illness alone, the dually diagnosed are more likely to be serving
sentences related to their substance use. These offenses are most commonly public order
offenses, property crimes, and drug-dealing offenses. “Spending time in a correctional
facility leaves this population with a triple stigma to contend with on return to the
community. These patients are not preferred candidates for rehabilitation programs or
residential communities, nor are they medically compliant”. (Hartwell 2004) Upon
release from jail, they are likely to be homeless and to violate probation. They usually
are too impaired to understand the risks of their behaviors, and frequently recidivate to
correctional custody, further isolating them from societal norms and incapacitating them
functionally. (Hartwell 2004)
More and more dually diagnosed patients are being incarcerated with longer jail
sentences, yet psychiatric treatment and rehabilitation services in correctional facilities
are seriously under-funded and overcrowded. “There is little or no continuity of care
between correctional and community mental health and substance abuse services. As a
rule there is no communication with community providers at the time of incarceration,
and individuals whose condition may have deteriorated in prison are released directly to
the community with no transition planning…This is true even for inmates who have been
housed in super-maximum security units until the day of their release.” (AACP 2009)
Unless there is an integrated care approach to inmate release planning, successful
community integration is unlikely. (Osher et al. 2003)
Federal laws would need to mandate state OMHSA‟s to create dedicated
departments to provide administrative oversight of mental health and substance abuse
care within, and transitioning out of, correctional health care facilities. State and federal
28
laws would need to mandate service contracts between correctional facilities and
community mental health, substance abuse, and medical providers. All correctional
health facility and community-based providers would need password-protected access to
the regional provider electronic database. This access would not require patient
authorization. Correctional health facility regulations would require the discharging
medical, psychiatric, and substance abuse providers to complete a correctional discharge
template within the database system, which would include, but would not be limited to, a
summary of the patient‟s medical, mental health, and substance abuse history and
treatment during confinement, diagnoses, medications and dosages, legal status, as well
as a transition plan to the community. Formal business agreements would need to be
created with those community facilities assuming mental health, substance abuse, and
general medical care. These facilities would have access to the payment and healthcare
interoperable database on a limited privilege basis and would need to sign non-disclosure
agreements.
Conclusion:
Dual diagnosis patients are currently cared for in treatment and informational
silos. There is little cross collaboration between general medical providers, psychiatric
providers, and substance abuse counselors, which hinders effective treatment. Federal
and state laws, related to use and disclosure of mental health and substance abuse health
information, have been enacted to protect patient confidentiality and to empower patients
to seek treatment without fear of stigma or reprisals that will adversely affect
employment, public assistance, or parental rights. Unfortunately, these federal and
varying state laws are often conflicting and extremely confusing, even to stakeholders.
29
More importantly, specific patient consent statutes have created roadblocks to providing
integrated treatments that have been demonstrated to be effective in this patient
population.
The American Recovery and Reinvestment Act of 2009 earmarked $19 billion in
federal funds for the expansion of health information technology, to make the conversion
from paper medical records to electronic health records a national priority, in the belief
that this will improve both patient safety and health care quality, while lowering costs.
(Wikipedia 2009) Using the transformational power of health information technology,
separate electronic patient databases can be created so that patient mental health,
substance abuse, and general medical health information can be shared just among
providers or between providers and third parties. Patient authorization would not be
required for treatment, payment, or health care operations, because patient confidentiality
could be ensured via the operational design of these innovative technologies as well as by
rigorous state department oversight, rather than by confusing laws.
REFERENCES:
American Association of Community Psychiatrists. (2009). Position Statement of AACP
on Persons with Mental Illness Behind Bars. Retrieved August 10, 2009 from:
https://www.com/psych.pitt.edu/finds/mibb.html
American Health Information Management Association: HIM Body of Knowledge.
Guidelines for EHR Documentation to Prevent Fraud and Appendix C: Steps to
30
Prevent Fraud in EHR Documentation. Retrieved August 7, 2009 from:
http://library.ahima.org
Burnam, M. Audrey and Katherine E. Watkins., (2006). Substance Abuse with Mental
Disorders: Specialized Public Systems and Integrated Care. Health Affairs,
May/June 2006:25(3):648-658.
California Healthcare Foundation (2008). A Delicate Balance: Behavioral Health, Patient
Privacy, and The Need to Know. Issue Brief. March 2008. Retrieved August 12,
2009 from:
www.gwumc.edu/sphhs/departments/healthpolicy/CHPR/downloads/ADelicateBa
lanceHealthAndPrivacy.IB.pdf
Centers for Medicare and Medicaid Services/ SAMSA. (2007). Increasing
Interoperability in Health Information Systems for Medicaid, Mental Health, and
Substance Abuse Treatment. Conference January 24-25, 2007.
Coffey, Rosanna, Buck, J., Kassed, C., Dilonardo, J., Forhan, C., Marder, Wm., and
R.Vandivort-Warren. (2008). Transforming Mental Health and Substance Abuse
Data Systems in the United States. Psychiatric Services, November 2008,
59 (11): 1257-63.
Coffey, Rosanna, Chalk, M., and J. Dilonardo. (2007). Increasing Interoperability in
Health Information Systems- What is the Value to Healthcare Stakeholders-
Consumers, Providers, State and Federal Governments and Taxpayers? Presented
at the Conference for Medicaid, Mental Health, and Substance Abuse Treatment,
January 24-25, 2007.
Hartwell, Stephanie. (2004). Triple Stigma: Persons with Mental Illness and Substance
31
Abuse Problems in the Criminal Justice System. Criminal Justice Policy Review,
March 2004, 15(1): 84-99.
Horvitz-Lennon, M., Kilbourne, A., and H.Pincus. (2006). From Silos to Bridges:
Meeting the General Health Care Needs of Adults with Severe Mental Illnesses.
Health Affairs, May/June 2006. 25(3): 659-669.
Institute of Medicine (2006). Improving the Quality of Health Care for Mental and
Substance-Use Conditions: Quality Chasm Series. Chapter 5: Coordinating Care
for Better Mental, Substance-Use, and General Health.
Jackman, Tom., (2009). Dual Disorders Rarely Treated Properly. The Washington Post,
July 28, 2009.
Jost, Timothy. (2006). Improving the Quality of Health Care for Mental and Substance-
Use Conditions: Quality Chasm Series. Appendix B: Constraints on Sharing
Mental Health and Substance-Use Treatment Information Imposed by Federal and
State Medical Privacy Laws. 2006.
Lindgren, Karen. (2009). Healthcare Data: Privacy and Security Issues in Medical
Informatics. Powerpoint Presentation. Masters of Medical Informatics 407.
Malek, Linda A. and Brian Krex. (2009). HIPAA and Mental Health Information:Know
the Law. Retrieved July 20, 2009 from:
http://library.ahima.org/xpedio/groups/public/documents/ahima/bok3
Mental Health: A Report of the Surgeon General. Chapter 7: Confidentiality of Mental
Health Information: Ethical, Legal, and Policy Issues. Retrieved July 30, 2009
from: http://www.surgeongeneral.gov/library/mentalhealth/chapter7/ref7.html
32
Munday, M.F.(2001). Silos of Care: If you‟re mentally ill and addicted to drugs, private
insurers may farm you out to public providers. Tucson Weekly, November 15,
2001. Retrieved July 27, 2009 from:
http://www.tucsonweekly.com/tucson/silos-of-care
Osher, F., Steadman, H., and H. Barr, (2003). A Best Practice Approach to Community
Reentry From Jails for Inmates with Co-Occurring Disorders: The APIC Model.
Crime and Delinquency, January 2003. 49(1) : 79-91.
Petrila, John. (2007). Some Thoughts on HIPAA and Cross-System Collaboration.
Presented at the CMS/SAMHSA Conference for Medicaid, Mental Health, and
Substance Abuse Treatment. January 24-25, 2007
U.S. Department of Health and Human Services. (2004). The Confidentiality of Alcohol
and Drug Abuse Patient Records Regulation and the HIPAA Privacy Rule:
Implications for Alcohol and Substance Abuse Programs. June 2004.
U.S. Department of Health and Human Services. (2009) Substance Abuse and Mental
Health Services Administration. Center for Substance Abuse Treatment. Know
your Rights.
U.S. Department of Health and Human Services. OCR Privacy Brief: Summary of the
HIPAA Privacy Rule. April 2003. pages 1-23.
Wikipedia (2009). American Recovery and Reinvestment Act of 2009. Retrieved
August 3, 2009 from:
http://wikipedia.org/wiki/American_Recovery_and_Reinvestment_Act_of_2009