1

PATIENTS WITH CONCURRENT MENTAL HEALTH, SUBSTANCE ABUSE,

AND GENERAL MEDICAL ILLNESSES:

CHALLENGES TO BREAKING DOWN INFORMATIONAL SILOS

Natalie S. Schwartz, M.D.

MED INF 407: Legal, Ethical, and Social Issues in Medical Informatics

Final Research Paper

August 2009

2

The Burden of Co-Existing Mental Health Problems and Substance Abuse

Disorders in the United States

Danny Watt seemed to be a normal, happy 8 year old boy who enjoyed playing

the guitar. But, at age 12, he began a long slide into drug and alcohol abuse. He was 16

when he entered his first inpatient alcohol rehabilitation program, admitting to drinking

large amounts of beer, smoking marijuana on a daily basis, snorting cocaine, and taking

“unidentified pills”. At age 18, after multiple drug overdoses, he was diagnosed with

manic depression. Soon afterwards, he started having delusions and was given a second

psychiatric diagnosis of schizophrenia. Danny‟s parents refinanced their house three

times to put Danny into every substance abuse and mental health program they could

find. Eventually, he was charged with reckless driving, petty larceny, public drunkenness,

and drug possession. He once leapt from a moving train. He overdosed, swallowed rat

poison, and tried to hang himself. In February 2007, Danny was hospitalized for several

months and given the diagnoses of schizoaffective disorder, bipolar type and poly-

substance abuse. In April 2007, Danny was released, despite his parents‟ pleas to place

him in a more intensive, locked psychiatric facility. He was subsequently arrested for

reckless driving, but a six month jail sentence was suspended in exchange for him

entering a substance abuse treatment program. He violated the conditions of his

suspended sentence and was, therefore, not eligible for public services. On April 3, 2008,

he showed up at his parents‟ home crying uncontrollably. Eleven days later, his body

was pulled out of a canal near Georgetown University. The medical examiner ruled the

death as suicide. (Washington Post 2009)

The statistics in this country are staggering. About 30% of adults in the United

States will experience a mental health or substance abuse disorder over a twelve month

period. (Coffey et al 2008) Over the same time period, the U.S. Substance Abuse and

3

Mental Health Services Administration (SAMHSA) reports that almost 10 million

Americans will have a combination of at least one mental health and one substance abuse

disorder. Mental health (MH) diagnoses include such illnesses as depression, anxiety,

post-traumatic stress disorder, eating disorders, schizophrenia, and bipolar illness.

Substance abuse (SA) encompasses substance use along a continuum from abuse to

dependence to addiction. (SAMHSA). The term, “dual diagnosis” commonly refers to

patients with both severe mental illness and a drug or alcohol abuse disorder. In fact,

approximately 50% of patients with severe mental illness also have a substance abuse

disorder. (Coffey et al 2008) To further complicate the picture, adults with severe

mental health problems suffer a higher burden of chronic medical illnesses than the

general population (e.g. hypertension, HIV/AIDS, and diabetes), often as a result of

socioeconomic factors, concurrent substance abuse, medication side effects, and

unhealthy lifestyle behaviors. Dual diagnosis is associated with higher rates of relapse,

hospitalization, incarceration, homelessness, and serious infections, such as hepatitis and

HIV/AIDS. (http://www.dhs.iowa.gov/mhdd/docs/CD-2-6.ppt#324) These medical co-

morbidities lead to further mental health decline and a downward spiral of functional

status. (Horvitz-Lennon et al. 2006)

Treatment Silos for Patients with Dual Diagnosis:

“Despite almost twenty years of evidence regarding the prevalence and serious

illnesses of people with dual diagnoses, the United States mental health and substance

abuse systems continue to operate on parallel tracks, causing additional confusion to

those with concurrent disorders. In fact, for many people with dual diagnoses, the

criminal justice system is their de facto treatment system.”

4

(http://www.dhs.iowa.gov/mhdd/docs/CD-2-6.ppt#324) “What compounds the problem

for those seeking help for dual diagnosis is a medical delivery system separated into two,

sometimes competing, „silos‟ of care. If you show up for treatment for substance abuse

you may have one set of providers. Mental illness is treated by an entirely different

group, without coordination or communication, except at the most superficial level,

between the two.” (Tucson Weekly 2001) Refusal to combine services to provide

coordinated treatment has meant unnecessary suffering and expense for thousands of

patients and their families. (Burnam et al 2006)

One of the impediments to integrating MH and SA services is the treatment

philosophy differences between their workforces. Mental health service providers are

largely professionals with formal training, licenses, and credentialing within departments

of psychiatry, psychology, and social work. In contrast, the substance abuse treatment

workforce generally consists of counselors with “experience-based, rather than formal

training.” (Burnam et al 2006)

Research has shown that integrated treatment strategies which 1) approach

recovery in stages, 2) use motivational interventions and counseling, 3) emphasize social

support, 4) view recovery as a long-term, community-based process, 4) is comprehensive

(considers job placement and housing needs), and 5) is culturally competent and

sensitive, lead to improved patient compliance and better treatment outcomes (National

Alliance on Mental Illness 2009).

Administrative and Informational Silos for Patients with Dual Diagnosis:

These dual silos of care for mental health illnesses and substance abuse disorders

have had significant repercussions on patient management and payment issues. Since

5

private payers have traditionally paid at a higher rate for substance abuse treatment than

they do for psychiatric treatment, most private patients have received suboptimal

psychiatric management. “When the private system doesn‟t adequately care for people

with co-occurring disorders, they will eventually lose enough of their assets to qualify for

public care, says Joan McNamara of Compass Healthcare, and that constitutes cost

shifting into a public system which is already overburdened and under-funded.” (Tucson

Weekly 2001)

State, county, and local government agencies are primarily responsible for, and/or

direct, the many health-related services provided for dual diagnosis patients, many of

which receive federal funding. Medicaid is the primary source of federal revenue for

mental health services. In most states, state MH resources are targeted to those with

severe mental health disorders and the Medicaid eligible. And patients with severe

mental health illnesses are generally eligible for Supplemental Security Income (SSI)

through Medicaid because of their disability. State mental health budgets are used to

provide the state match to Medicaid, so they are largely driven by Medicaid policy and

regulations. In contrast, Medicaid pays for only 15% of substance abuse treatment. SA

is not a qualification for disability or Medicaid eligibility and many SA patients are not

eligible for TANF (Temporary Assistance for needy families) and associated Medicaid,

because they do not have dependent children. Furthermore, most state SA treatment

programs have tight funding and are not licensed or credentialed to provide MH services.

“As a result of Medicaid eligibility criteria, distinctive mental health and substance abuse

Medicaid benefits, and categorical block-grant funding, commingling of MH and SA

funds is virtually impossible, and blending of funds is a challenge” (Burnam et al 2006)

6

A unique feature of MH/SA care is that patients are routinely identified and

referred into the MH/SA system by agencies or organizations not part of the traditional

health care system, e.g. schools, employers, welfare, or the justice system. The same

patient may be treated by one state-funded mental health agency, a second state-funded

substance abuse agency, as well as a third privately-funded or Medicaid-funded general

medical health provider. The patient may then need other publicly funded social

services, such as job training, employment assistance, housing support, income

maintenance programs, foster care evaluation, and criminal justice follow-up. “The

overlap in public program services for clients with multiple needs leaves States with an

acute need for cross-program data at the person-level.” (SAMHSA 2007). But, due to

different federal funding streams and treatment philosophies, “states have evolved

distinctive administrative structures for MH and SA services…[which] involve separate

state-level leadership, separate licensing and quality assurance standards for provider

agencies, and separate management information systems to support reimbursement of

services and accountability…distinctive financing and regulatory environments create

challenges to unified approaches to the delivery of services even when a single state

agency is in charge.” (Burnam et al 2006) An unfortunate result of the treatment silo

system of MH and SA care is an “information silo problem”- multiple and fragmented

systems of data reporting; no information sharing on the same individual across programs

and providers for coordination of care; inadequate information for policy analysis and

effectiveness research; and difficult, if not impossible, information sharing within State

and beyond for joint program planning”. (SAMHSA 2007) Data collection within each

program is developed to address the requirements of the funders of each program, not the

the broader scope of clinical, quality improvement, or research needs of this patient

7

sector. (Burnam et al 2006) Data across the MH, SA, and Medicaid public programs

have revealed duplication of services, as well as duplicated costs and payments. (Coffey

et al 2008) Separate management information systems even make it difficult to know the

percent of MH patients with SA disorders or the percent of SA patients who receive MH

treatment. (Burnam et al 2006)

To overcome some of the silo problems described above, some states have

developed financing strategies to support dual diagnosis treatment integrated at the state

provider agency level, including “crossover funding”. (Burnam et al 2006) Some states

have made Medicaid funding more flexible, so special billing codes and service

definitions will cover co-occurring disorders. For example, state Medicaid programs in

Arizona have contracted with managed care organizations vendors to fund both MH and

SA services. Other states like Connecticut have modified licensing regulations so that

MH and SA treatment provider agencies can be cross-licensed. Arizona requires MH and

SA provider agencies to be “dual-diagnosis enhanced” or “capable” so that they can link

complementary services outside their agency (Burnam et al.2006). Standardized intake

protocols documenting co-occurring diseases, developing common service definitions,

and coding that allows “comparisons across systems and data elements that specifically

identify integrated co-occurring disorders services” are attempts at more integrated dual

diagnosis treatment. (Burnam et al. 2006)

Call for Informational Exchange in the Care of Patients with Dual Diagnosis:

The Institute of Medicine (IOM) report, Improving the Quality of Health Care for

Mental and Substance-Use Conditions, recognized that the mass of disconnected delivery

arrangements in MH and SA systems requires special care coordination and care

8

integration. According to „The President‟s New Freedom Commission on Mental Health‟

(2003) “consumers often feel overwhelmed and bewildered when they must access and

integrate mental health care and related services across multiple, disconnected providers

in the public and private sectors”. Furthermore, there is a lack of agreement about which

entity or entities should be held accountable for coordinating care. (IOM 2006) IOM has

formally called for changes in the healthcare system and the collection of data to measure

treatment outcomes in this dual diagnosis patient population. It has highlighted how MH

and SA services have lagged behind general health care services in adopting information

technology to support evidence-based treatment initiatives. (Coffey et al 2008)

Specifically, it has called upon informaticists to create patient-centered information

systems and interoperability between the information systems of Medicaid and State

mental health and substance abuse treatment programs to “satisfy different reporting

requirements and address new issues seamlessly.” (SAMHSA 2007)

A SAMHSA-sponsored project, The Integrated Database Project, revealed that

existing public programs used different concepts and data elements, incompatible

definitions for the same data elements, local coding schemes for concepts, had varying

record-keeping practices, and missing clinical elements. Subsequently, SAMHSA and

the Center for Medicaid and Medicare Services (CMS) are collaborating to promote

integration among Medicaid data systems, state mental health data systems, and state

substance abuse data systems using the Medicaid Information Technology Architecture

(MITA). (Coffey et al. 2008) The primary goal of MITA is to be „patient/consumer-

centric‟ and unconstrained by organizational silos; to collect information on Medicaid

beneficiaries from sources within and outside the Medicaid agency for purposes of

analyzing healthcare outcomes. Secondly, MITA seeks to ensure that all future Medicaid

9

systems are built according to national data and technical standards for interoperability,

to drive down administrative costs. Third, MITA encourages transparency across

Medicaid beneficiaries, care providers, and program administrators in terms of quality

standards, price standards, and interoperability of health systems. (Bazemore et al 2007)

Some states have also begun entering their siloed MH and Medicaid data into data

warehouses (but not SA data), while others are linking and de-identifying data for

research initiatives. “Efforts to build integrated databases from separate information

systems, at the back-end, after the data systems have been established independently of

each other…have been very difficult, expensive, and disappointing. The solution…is

front-end database development- compatible foundations of patient-centered reporting,

common definitions, identical codes, standard messaging, open-source architecture,

agreed upon privacy policies and security protections, and data sharing rules, among

other dimensions.” (Coffey et al 2007)

There are many barriers to creating integrated MH, SA, and general medical

systems, which must address 1) integrated patient treatment (across all providers of

MH/SA/ medical services), 2) integrated programs (proper staff or linkages with other

programs to address all of a client‟s needs), and 3) integrated systems (an organizational

structure that supports different patient programs through funding, credentialing/

licensing, data collection/reporting, needs assessment, planning, and other system

planning and operation functions). (IOM 2006) The focus of this paper, however, will be

on the current privacy safeguards, relating specifically to mental health and substance

abuse health care information, which may need to be reexamined in order to achieve

these goals.

10

Privacy Law Barriers to Data Exchange in the Care of Patients with Dual Diagnosis:

Current constraints on information exchange are imposed by four bodies of law,

1) federal Health Insurance Portability and Accountability Act (HIPAA) regulations, 2)

individual state privacy laws and regulations, 3) individual state statutes governing the

privacy of mental health medical records, and 4) the federal statute governing

confidentiality of substance abuse records. (Jost 2006)

In 1996, Congress passed The Health Insurance Portability and Accountability

Act (HIPAA), Public Law 104-191 and gave the Center for Medicare and Medicaid

(CMS) three years to enact comprehensive regulations to govern how the HIPAA law

would be implemented. Specifically, it required CMS to implement national standards to

protect the privacy of individually identifiable health information that was transmitted

electronically. CMS missed the three year deadline. It published a Final Privacy

Regulation, to implement the privacy provisions of HIPAA on December 28, 2000.

Modifications were made and re-published on August 14, 2002. Covered entities were

mandated to be in compliance with the amended regulation by April 14, 2003. The final

HIPAA rules at 45 C.F.R. § 164.502 (1a) addresses “covered entities”, which are defined

as health care providers, health plans, healthcare clearinghouses, and “business

associates” of covered entities. It directs those covered entities to not use or disclose

protected health information (PHI), in whatever form (electronic, paper, or verbal),

except under 6 conditions. These conditions are for 1) treatment, 2) payment and 3)

healthcare operations (collectively termed “TPO”), 4) by operation of law (subpoena,

court order, or public health), 5) if the covered entity obtains written patient

authorization, and 6) if there is a waiver of patient authorization from an IRB or Privacy

Committee. Expanding on the “TPO” exception, PHI can be used and disclosed for

11

purposes of treatment by attending physicians, consultants and other healthcare providers,

to process payment claims and insurance premiums, for quality assessment and

improvement activities, case management and care coordination, for public health

activities, for competency assurance activities, performance evaluation, credentialing,

accreditation, conducting/ arranging medical reviews, audits, legal services, fraud and

abuse detection, compliance programs, insurance functions (i.e. underwriting, risk rating,

and reinsuring risk), business planning, development, management, and administration,

and general administration activities. Covered entities must make reasonable efforts to

use or disclose the “minimum amount of necessary health information” to achieve its

purpose. Assuming that reasonable standards of care and safeguards are maintained,

incidental uses and disclosures of PHI are not viewed as violations of the Privacy Rule.

(Lindgren 2009)

A key exception to the Privacy Rule‟s permission to share treatment information

is included under 45 C.F.R. § 164.508 (2a). It carves out psychotherapy notes as a

special form of treatment information that may only be disclosed with patient

authorization, “except insofar as they are used by the originator of the notes or for a

covered entity‟s supervised mental health education and training purposes” (Jost 2006)

“Psychotherapy notes” means any notes (verbal, electronic, paper) by a mental health

provider “documenting or analyzing the contents of a conversation during a private

counseling session or a group, joint, or family counseling session and that are separated

from the rest of the individual‟s medical records.” (Jost 2006) They do not include

medication prescribing or monitoring, types of treatments used or frequency of

treatments, results of clinical tests, and any summary of the following items: diagnosis,

functional status, the treatment plan, symptoms, prognosis, and progress to date (45

12

C.F.R. § 164.501) Authorization to release psychotherapy notes is an especially rigorous

process, according to 45 C.F.R.§ 164.508 (c). The authorization must detail the exact

information to be disclosed, the identity of the person or class of persons who may

disclose the information and to whom the information may be disclosed, a description of

the purpose of the disclosure, an expiration for the authorization, and the signature of the

person authorizing the disclosure. Furthermore, under 45 C.F.R. § 164.508(b) and (c),

the individual who signs the authorization may revoke it at any time, a provider cannot

condition treatment on the patient‟s willingness to provide authorization, and an

authorization for release of psychotherapy notes must be maintained as a separate and

independent document. (Jost 2006) Each of the 50 states, as well as the District of

Columbia, has a number of statutes governing medical record confidentiality. In

reconciling federal and state regulations, the federal Privacy Rule provides for

preemption by those state laws which are “more stringent” than the privacy rule. “More

stringent” means that these state laws would prohibit or restrict a use or disclosure of PHI

that would be permitted under the federal Privacy Rule (45 C.F.R. § 160.203 (b)).

The legal barriers to database interoperability are further complicated by

individual state statutes specifically governing the privacy of mental health medical

records. Many states have laws governing records of patients in state mental hospitals or

mental health programs (e.g. Idaho and New York). Some states have laws governing the

records of specific mental health practitioners, including psychologists, social workers,

and counselors. In Massachusetts, the records of psychologists are confidential and no

exceptions are made for sharing of information for treatment (Mass. Gen. Laws.ch. 112 §

129A). Missouri law (Mo. Rev.Stat § 337.636) and Wyoming law (Wyo.Stat.Ann. § 33-

38-109) both apply similar restrictions for sharing of information for treatment to

13

psychologists, social workers, and professional counselors. Nebraska law (Neb.Rev.Stat§

71-1,335(1)) imposes an “absolute obligation of confidentiality on mental health

practitioners, but allows the Board of Mental Health Practice to define regulatory

exceptions. (Jost 2006) Some states, moreover, have specific statutes governing the

records of patients involuntarily committed to mental institutions (e.g. Idaho, Nebraska,

and Washington State), often with provisions that permit sharing information for the

purpose of mandating outpatient treatment. Lastly, most states have statutes that

generally govern the records of all mental patients. Such examples of strict state

mandates for mental health providers to protect patient mental health records create real

barriers for the broader concept of data-sharing and the creation of interoperable data

systems. (Jost 2006)

Since the 1970‟s, the Congress recognized that people would not enter substance

abuse treatment programs if they were subject to stigma or feared prosecution, and

subsequently enacted legislation protecting their rights to confidentiality (42 C.F.R. Part

2, or simply, Part 2) (SAMHSA 2004) Health information regarding substance abuse is

independently governed by this federal substance abuse treatment confidentiality law, 42

U.S.C. § 290dd-2. The law applies to any facility receiving federal funds for any

purpose, including Medicare or Medicaid reimbursement. It provides that “records of the

identity, diagnosis, prognosis, or treatment of any patient which are maintained in

connection with the performance of any program or activity relating to substance abuse

education, prevention, training, treatment, rehabilitation, or research, which is conducted,

regulated, or directly or indirectly assisted by any department or agency of the United

States shall be confidential and be disclosed only for the purposes and under the

circumstances expressly authorized under subsection (b) of section 42 U.S.C. § 290dd-

14

2a.” A statutory exception authorizes disclosure of information to medical personnel in a

“bona fide medical emergency”. Another exception is for communications of

information between or among personnel having a need for the information in connection

with their duties that arise out of the provision of diagnosis, treatment, or referral for

treatment of alcohol or drug abuse if the communications are within a program, or

between a program and an entity that has direct administrative control over the program

(42 C.F.R § 2.12 (c)(3)). There is also an exception for communications between a

program and a qualified service organization of information needed by the organization

to provide services to the program (42 C.F.R. § 2.12 (c)(4)). Such „qualified service

organizations‟ are defined as organizations that provide support services like billing and

data processing. (Jost 2006) Of course, substance abuse treatment information can be

disclosed with proper patient consent (42 C.F.R. § 2.33). A Part 2 consent form must be

written in plain language and include the name or general designation of the program or

person permitted to make the disclosure, the name or title of the individual or name of the

organization to which disclosure is to be made, the name of the patient, the purpose of the

disclosure, how much and what kind of information is to be disclosed, the signature of

the patient, the date on which consent is signed, a statement that the consent is subject to

revocation at any time, except to the extent that the program has already acted on it, and

the date, event, or condition upon which consent will expire if not previously revoked.

The consent form must also contain a statement not conditioning treatment on the

patient‟s willingness to authorize disclosure. Programs that disclose information via

consent must include a written statement that the information cannot be redisclosed. (42

C.F.R. § 2.32) (SAMHSA 2004) “Though the HIPAA privacy regulations do not

expressly address their relationship to the substance abuse confidentiality laws, the

15

preamble to the privacy regulations recognizes the constraints of the substance abuse

confidentiality law. It states that 1) in general, the privacy law and substance abuse law

do not conflict, and 2) wherever one is more protective of privacy than the other, the

more restrictive should govern (65 Fed.Reg.82462, 82482-82483)” (Jost 2006)

Substance abuse treatment programs must comply with Part 2, as well as the Privacy

Rule. They will continue to follow Part 2‟s general rule not to disclose information

unless they can obtain consent or point to a permissible exception. They must then

ensure that the disclosure is also permissible under the Privacy Rule (SAMHSA 2004)

Most states also have statutes that govern substance abuse records. Many are

similar to the federal law or refer back to the federal law. Some are less flexible than the

federal law, governing substance abuse counselors as licensed professionals who are

forbidden to disclose records without express content and with no treatment exception

(e.g. La.Rev.Stat.Ann. § 37:3390.4). Missouri law promises absolute confidentiality to

pregnant women for substance abuse treatment (Mo.Rev.Stat. § 191.731). New Jersey

law only permits disclosure of substance abuse records with a court order (N.J.Stat.Ann.

§ 26:2B-20). Other state statutes permit greater disclosure than the federal law, giving

sole discretion to the head of the treatment facility if that individual makes a written

determination that the disclosure is necessary for the treatment of the patient

(Kan.Stat.Ann. § 59-2979). Mississippi law allows disclosure without consent to

treatment personnel for purposes of patient treatment (Miss.Code.Ann § 41-30-33).

A state law preempts federal HIPAA regulations, as well as the federal substance abuse

confidentiality statue and regulations, when it is more protective of patient privacy. (Jost

2006).

16

To further complicate the regulatory environment of exchange of mental health

and substance abuse information, “regulations implementing HIPAA also permit health

care organizations to implement their own patient consent policies for the release of

patient information to other treating providers. As a result, health care organizations may

adopt more stringent privacy protections that require participating providers to adhere to

additional procedures before sharing patient information with other treatment providers

or organizations.” (IOM 2006)

Social and Ethical Challenges to Current Privacy Barriers:

Patients with dual diagnosis pose an excess burden on society. They are much

more likely than the general population or patients with single diagnoses of MH or SA to

be homeless or jailed. “An estimated 50% of homeless adults with serious mental

illnesses have a co-occurring substance abuse disorder…[and] 16% of jail and prison

inmates are estimated to have severe mental and substance abuse disorders. Of those

patients with co-occurring major mental illness and substance abuse, 31% committed at

least one violent act during the course of the year. (Institute of Medicine 2006). Just the

back-and-forth treatment alone currently given to non-violent persons with dual diagnosis

is costly…And violent or criminal consumers, no matter how unfairly afflicted, are

dangerous and also costly. Those with co-occurring disorders are at high risk to contract

AIDS, a disease that can affect society at large. Costs [to society] rise even higher when

these persons, as those with co-occurring disorders have been shown to do, recycle

through the healthcare and criminal justice systems again and again.” (National Alliance

on Mental Illness 2009) This societal burden, which includes criminal justice and

incarceration costs, violent crimes, homelessness, excessive use of emergency rooms for

17

routine medical care, and the public health risks and costs of treatment for communicable

diseases such as HIV, hepatitis, and tuberculosis, demands effective integrated treatment

for patients with dual diagnosis. Moral utilitarian arguments could also support the view

that the public welfare dictates interoperability of public MH and SA data systems for

purposes of individual client risk assessment, treatment, and monitoring, as well as for

research studies on populations, to measure treatment outcomes and health care costs.

In its 1996 decision (Jaffe v. Redmond), the U.S. Supreme Court wrote,

“The psychotherapist privilege serves the public interest by facilitating the provision of

appropriate treatment for individuals suffering the effects of a mental or emotional

problem. The mental health of our citizenry, no less than its physical health, is a public

good of transcendent importance.”(Surgeon General 2009)

Proposal for Legal Modifications of Privacy Laws for MH and SA Patient Health

Information:

Most stakeholders in the management of patients with dual diagnosis will

automatically invoke HIPAA as the major barrier for sharing necessary health

information. This is actually a common myth, since HIPAA permits disclosure of

individually identifiable health information (except psychotherapy notes) for purposes of

treatment, payment and health care operations- without patient consent- as a legal

exception to its privacy law. (Petrila 2007) It is, in fact, the more stringent federal and

state statutory and regulatory provisions governing the exchange of individually

identifiable MH and SA information that are the real obstacles to cross system

collaboration in this patient population. In order to achieve coordinated patient mental

health, substance abuse, and medical care, as well as public protections, a better balance

18

needs to be reached between protecting patient privacy and sharing patient health

information.

Changes in the health care industry have made state-by-state approaches to

confidentiality increasingly problematic. As discussed earlier, there are differences in

general privacy standards among states, between states and the federal government,

separate state standards for mental health information and federal standards for substance

abuse information. Within the same state there are a number of statutory provisions that

address the confidentiality of mental health information, including state mental health

law, judicial privilege statutes, laws applicable to licensed professionals, and various state

oversight laws. (Surgeon General 2009) Moreover, many states do not articulate

standards for client consent to disclosure. Access by other providers varies by state also.

“One expert described the current law governing the confidentiality of health care

information as a „crazy quilt of Federal and state constitutional, statutory, regulatory, and

case law that erodes personal privacy and forms a serious barrier to administrative

simplification”. (Surgeon General 2009)

The following discussion proposes revisions to existing health care law, state, and

federal regulations, and should be applied to all federally funded or assisted mental health

and substance abuse programs. Central to this discussion is the debate as to whether

certain types of health information really deserve greater legal protection than others in

this country and whether patients who receive public support should be allowed to

withhold health information that will impact public spending. These policy challenges

aim to create a better balance between the protections of the individual and the

protections of society.

19

First, the federal HIPAA privacy standard should cover both mental health

information and substance abuse information, individual state privacy law preemptions

should be eliminated, and the federal substance abuse confidentiality law (42 C.F.R Part

2) abolished. With these legal changes, both mental health and substance abuse personal

health information could be used and disclosed for purposes of treatment, payment, and

healthcare operations without specific patient authorization. This would include

treatment by physicians, physician extenders, certified or licensed substance abuse

counselors, social workers, and psychologists, payment claims and insurance premiums,

quality assessment and improvement activities, case management and care coordination,

public health needs, performance evaluation, credentialing, accreditation, medical

reviews, audits, legal services, fraud and abuse detection, compliance programs, business

planning and development, management and administration and general administration

activities. Safeguards, however, would obviously need to be heavily enforced, to ensure

that only the minimum amount of necessary health information is released to achieve

these activities.

Second, each state would need to create its own unified Office of Mental Health

and Substance Abuse (OMHSA), which would have direct administrative oversight of all

state-licensed mental health and substance abuse facilities (both outpatient and inpatient).

The OMSA would have responsibility for developing and maintaining 1) a federally

mandated regional provider electronic database, and 2) an interoperable payment and

health care operation database. The Office would also have responsibility for monitoring

audit trails on both databases and have the authority to impose civil and criminal

penalties for security breaches.

20

1. Federally Mandated Regional Provider Electronic Database:

A new federal law would require that all clients enrolling in federally assisted

mental health and substance abuse programs have a comprehensive intake assessment,

including a formal psychiatric evaluation, a full general medical examination, formal

drug screening, as well as an evaluation by a certified or licensed substance abuse

counselor. These evaluations would be performed by providers chosen personally by the

client (in the private or public sector) or, if the client elected, by providers assigned by

the intake facility (who may or may not be formally affiliated with the facility). Provider

names (psychiatrist/psychologist/social worker, physician, substance abuse counselor)

would be electronically stored for each client on a “provider list” within a regional mental

health electronic database, which would only be accessible to those treatment providers

on the “provider list”. All providers would need to enter the results of their intake

assessments onto formal templates, which would be stored within the database. These

provider templates could not be auto-generated with defaulted information, to prevent

unintended inaccuracies in provider entries. Electronic linkage to the Medicaid system

would bar provider service reimbursement until these intake assessments were fully

completed and authenticated by the provider. Similarly, no follow-up services by any

listed provider would be paid by public funds unless follow-up electronic treatment forms

were fully completed and provider authenticated. The regional electronic mental health

database, therefore, would serve as a provider-protected and confidential continuity

record of each client‟s psychiatric, substance abuse, and general medical care over time.

The regional provider database would need the following capabilities to reduce

the likelihood of falsification:

21

a) Access control functions: including user authentication, extensive privilege

assignment and control features,

b) Capability to attribute the entry, modification, or deletion of information to a

specific individual or subsystem.

c) Capability to log all activity

d) Capability to synchronize a common date and time across all components of the

system

e) Data entry editing with capability of verifying validity of all information on entry,

checking for duplication and conflicts, controlling and limiting automatic creation of

information or auto-population of information on provider templates. (AHIMA 2009)

The database would be secured with message-by-message encryption, digital

certificate authentication and digital signatures. State OMHSA‟s would be responsible

for vetting the licenses and credentials of all provider types and for setting policies and

procedures for all providers who receive password access. These policies would outline

system functionality, system security, legal and regulatory standards for use and

disclosure of sensitive PHI and use of electronic health records. All providers would be

required to sign formal electronic contracts confirming that they were sufficiently

educated regarding the above and that they understood these policies and procedures.

Signed contracts would be a requirement for public reimbursement of provider services.

Civil and possibly, criminal sanctions, would be imposed on providers who intentionally,

or unintentionally, allowed surrogates password access to the database.

The new privacy standard would permit disclosure of all mental health and

substance abuse information within the regional mental health electronic database to

22

outside treating health care providers not listed on the electronic “provider field”-without

specific patient authorization- i.e. for treatment purposes only. For instance, if a patient

in the database sought care from an outside provider, hospital, or facility, the newly

treating physician or substance abuse counselor could query the regional database for

mental health information and/or substance abuse information without the patient‟s

specific authorization. The new provider would be electronically logged into the system

and given password-protected access after appropriate system vetting of credentials,

licensure, provider education, and contract signature. The provider‟s name would be

added to the patient‟s electronic “provider list”. The patient would not have the right to

limit access by treating providers, but would have the right to request a list of providers

who have had access to his/her records.

The regional provider database would be monitored for abnormal patterns of

activity, including entries at unusual times, or unusual repetition of particular entries. As

required by the HIPAA Title II security rule CFR Part 136.316(b)(1), audit trails would

be maintained within the electronic database. Rigorous auditing procedures would be

monitored by State OMHSA‟s, to ensure that only authorized providers were using the

system. Furthermore, there would be system-generated warnings to State OMHSA‟s of

attempted unauthorized access. (AHIMA 2009). To prevent intentional or unintentional

disclosure of patient MH or SA information, the electronic medical record would not

allow patient health information to be printed out on paper. An exception would be

made, following written authentication procedures, for court subpoena of patient records.

23

2. An Interoperable Payment and Health Care Operation Database

A target date would be set for all federally funded or federally assisted mental

health and substance abuse programs to adopt a separate interoperable electronic health

information database to be used for all payment and health care operations permitted

under the HIPAA privacy rule exceptions. This front-end database development would

create compatible foundations of patient-centered reporting, common definitions,

identical codes, standard messaging, open-source architecture, agreed upon privacy

policies and security protections, and data sharing rules between federally funded

agencies. The database would have internal electronic safeguards and controls, and

password protections to ensure that users have limited access based upon the nature of

their responsibilities (i.e. “least privilege”), and that only the minimum amount of

necessary mental health/substance abuse health information would be shared for its

intended purpose. Non-disclosure agreements would be created with all recipient

agencies of individual patient mental health and substance abuse information. State

OMHSA‟s would regulate the database and perform regular and frequent monitoring of

audit trails. A description of the content of information disclosed, as well as the name of

the person authorizing the release of information, would be maintained in audit trails and

retained in audit logs, according to state and/or federal laws. The system would be

rigorously monitored for unusual patterns of activity, attempts at unauthorized access,

and spikes in the number of people accessing a particular patient‟s record. Anyone

compromising protected health information within the database or using such information

inappropriately would be subject to civil and criminal penalties. The new law governing

use and disclosure of mental health and substance abuse information would permit

patients to “opt out” of disclosure of sensitive mental health/ substance abuse information

24

to payers and third party reviewers; patients would not be refused mental health or

substance abuse care based on willingness to disclose sensitive personal health

information, but would not receive public funding for such services.

Some patients with dual diagnosis are currently protected by federal civil rights

laws, which prohibit discrimination in many areas of life against qualified “individuals

with disabilities”. Such patients are defined as having a current “physical or mental

impairment” that “substantially limits one or more of that person‟s major life activities,

such as caring for one‟s self, working, etc. Patients who have addictions which

“substantially limit major life activities” are also protected by federal non-discrimination

laws. (U.S.Department of Health and Human Services 2009). These laws include The

Americans with Disabilities Act (ADA), The Rehabilitation Act of 1973, The Fair

Housing Act (FHA), and The Workforce Investment Act (WIA). People who currently

use illegal drugs and people whose use of alcohol or drugs pose a “significant risk of

substantial harm to the health and safety of others” are not protected under these non-

discrimination laws. (U.S.Department of Health and Human Services 2009). Dual

diagnosis patients protected under non-discrimination laws, as well as those not protected

by these laws, commonly apply for employment, medical leave from employment, job

training, housing, and certain government services and programs, including educational

and training programs, welfare, child-care assistance, and student loans. However, for

those patients protected by non-discrimination laws, there may still be limits on public

eligibility because of personal drug use or drug-related criminal activity. For instance,

the Quality Housing and Work Responsibility Act requires public housing agencies,

Section 8, and other federally assisted housing providers to limit public housing to

anyone evicted because of drug-related criminal activity (possession or sale) for 3 years

25

after eviction, if a household member abuses drugs or alcohol in a manner “that may

interfere with the health, safety, or right to peaceful enjoyment of the premises by other

residents”, or if a household member has engaged in drug-related criminal activity within

“ a reasonable time of the application”. (U.S.Department of Health and Human Services

2009). The Federal Welfare Law (The Personal Responsibility and Work Opportunity

Act of 1996) imposes a “lifetime ban on Federal cash assistance and food stamps for

anyone convicted of a drug-related felony (possession or sale) after August 22, 1996.

Twelve states currently do not impose the ban and 21 others have modified bans,

allowing people who show they are getting rehabilitated, to become eligible again.

Furthermore, the Higher Education Act of 1998, makes “students convicted of drug

offenses (possession or sale) ineligible for federally funded student loans, grants, or work

assistance for different lengths of time depended on the type of offense and repeated

offenses”. (U.S.Department of Health and Human Services 2009). Currently, all states

must comply with this federal education law. Lastly, the Department of Transportation

Appropriation Amendment offers “federal financial incentives to State that agree to

revoke or suspend, for at least 6 months, the driver‟s license of anyone convicted of a

drug offense (drug-related driving offenses, drug possession or sale)” which many states

choose not to opt out of. (U.S.Department of Health and Human Services 2009). Clearly,

many public agencies rely on updated health information, regarding substance abuse and

mental health, to determine client eligibility for services. A new uniform federal law

must be enacted, with administrative oversight by state OMHSA‟s, to permit public

agencies access, via computer key, to a restricted layer of the electronic regional provider

database. This layer would contain the minimum amount of protected health information

for such public agencies to determine eligibility for services, including whether the client

26

is actively complying with both substance abuse rehabilitation services and psychiatric

monitoring, past and current criminal charges and penalties, and previous agency refusal

of services. All parties coming into possession of a client‟s protected health information

(psychiatric, substance abuse, and general health information), which include the above-

mentioned public agencies, as well as schools, correctional facilities, and child welfare/

foster care programs, would be required to sign non-disclosure agreements. Strong

firewall protections and electronic audit trails would need to be rigorously monitored by

state OMHSA for appropriateness, as well as for suspicious activity. State OMHSA‟s

would be mandated by federal law to impose criminal sanctions upon persons responsible

for privacy breaches of personal mental health and/or substance abuse information. In

addition, all these public agencies require some degree of informational exchange for the

purposes of patient treatment, payment, client evaluation, research, monitoring treatment

outcomes, quality assurance activities, and public health purposes. These agencies would

require limited access to the payment and healthcare operation database, which would

contain interoperable codes and terminology to permit seamless informational exchange.

All States currently have laws requiring substance abuse treatment programs to

report suspected child abuse and neglect. Is not the intention of the proposed revisions in

federal and state laws, described herein, to mandate reporting of patients who actively

seek treatment for their substance abuse problems. The revisions would continue to

protect patient confidentiality in these situations unless there was concern about danger of

harm to a child. Business agreements with public agencies, which would have computer

access to the interoperable electronic database, would need to include specific non-

disclosure statements preventing those agencies from disclosing mere substance abuse

information to criminal authorities, without appropriate evidence of harm to a child.

27

Furthermore, the dually diagnosed are at high risk of criminal activity. Compared

to offenders with mental illness alone, the dually diagnosed are more likely to be serving

sentences related to their substance use. These offenses are most commonly public order

offenses, property crimes, and drug-dealing offenses. “Spending time in a correctional

facility leaves this population with a triple stigma to contend with on return to the

community. These patients are not preferred candidates for rehabilitation programs or

residential communities, nor are they medically compliant”. (Hartwell 2004) Upon

release from jail, they are likely to be homeless and to violate probation. They usually

are too impaired to understand the risks of their behaviors, and frequently recidivate to

correctional custody, further isolating them from societal norms and incapacitating them

functionally. (Hartwell 2004)

More and more dually diagnosed patients are being incarcerated with longer jail

sentences, yet psychiatric treatment and rehabilitation services in correctional facilities

are seriously under-funded and overcrowded. “There is little or no continuity of care

between correctional and community mental health and substance abuse services. As a

rule there is no communication with community providers at the time of incarceration,

and individuals whose condition may have deteriorated in prison are released directly to

the community with no transition planning…This is true even for inmates who have been

housed in super-maximum security units until the day of their release.” (AACP 2009)

Unless there is an integrated care approach to inmate release planning, successful

community integration is unlikely. (Osher et al. 2003)

Federal laws would need to mandate state OMHSA‟s to create dedicated

departments to provide administrative oversight of mental health and substance abuse

care within, and transitioning out of, correctional health care facilities. State and federal

28

laws would need to mandate service contracts between correctional facilities and

community mental health, substance abuse, and medical providers. All correctional

health facility and community-based providers would need password-protected access to

the regional provider electronic database. This access would not require patient

authorization. Correctional health facility regulations would require the discharging

medical, psychiatric, and substance abuse providers to complete a correctional discharge

template within the database system, which would include, but would not be limited to, a

summary of the patient‟s medical, mental health, and substance abuse history and

treatment during confinement, diagnoses, medications and dosages, legal status, as well

as a transition plan to the community. Formal business agreements would need to be

created with those community facilities assuming mental health, substance abuse, and

general medical care. These facilities would have access to the payment and healthcare

interoperable database on a limited privilege basis and would need to sign non-disclosure

agreements.

Conclusion:

Dual diagnosis patients are currently cared for in treatment and informational

silos. There is little cross collaboration between general medical providers, psychiatric

providers, and substance abuse counselors, which hinders effective treatment. Federal

and state laws, related to use and disclosure of mental health and substance abuse health

information, have been enacted to protect patient confidentiality and to empower patients

to seek treatment without fear of stigma or reprisals that will adversely affect

employment, public assistance, or parental rights. Unfortunately, these federal and

varying state laws are often conflicting and extremely confusing, even to stakeholders.

29

More importantly, specific patient consent statutes have created roadblocks to providing

integrated treatments that have been demonstrated to be effective in this patient

population.

The American Recovery and Reinvestment Act of 2009 earmarked $19 billion in

federal funds for the expansion of health information technology, to make the conversion

from paper medical records to electronic health records a national priority, in the belief

that this will improve both patient safety and health care quality, while lowering costs.

(Wikipedia 2009) Using the transformational power of health information technology,

separate electronic patient databases can be created so that patient mental health,

substance abuse, and general medical health information can be shared just among

providers or between providers and third parties. Patient authorization would not be

required for treatment, payment, or health care operations, because patient confidentiality

could be ensured via the operational design of these innovative technologies as well as by

rigorous state department oversight, rather than by confusing laws.

REFERENCES:

American Association of Community Psychiatrists. (2009). Position Statement of AACP

on Persons with Mental Illness Behind Bars. Retrieved August 10, 2009 from:

https://www.com/psych.pitt.edu/finds/mibb.html

American Health Information Management Association: HIM Body of Knowledge.

Guidelines for EHR Documentation to Prevent Fraud and Appendix C: Steps to

30

Prevent Fraud in EHR Documentation. Retrieved August 7, 2009 from:

http://library.ahima.org

Burnam, M. Audrey and Katherine E. Watkins., (2006). Substance Abuse with Mental

Disorders: Specialized Public Systems and Integrated Care. Health Affairs,

May/June 2006:25(3):648-658.

California Healthcare Foundation (2008). A Delicate Balance: Behavioral Health, Patient

Privacy, and The Need to Know. Issue Brief. March 2008. Retrieved August 12,

2009 from:

www.gwumc.edu/sphhs/departments/healthpolicy/CHPR/downloads/ADelicateBa

lanceHealthAndPrivacy.IB.pdf

Centers for Medicare and Medicaid Services/ SAMSA. (2007). Increasing

Interoperability in Health Information Systems for Medicaid, Mental Health, and

Substance Abuse Treatment. Conference January 24-25, 2007.

Coffey, Rosanna, Buck, J., Kassed, C., Dilonardo, J., Forhan, C., Marder, Wm., and

R.Vandivort-Warren. (2008). Transforming Mental Health and Substance Abuse

Data Systems in the United States. Psychiatric Services, November 2008,

59 (11): 1257-63.

Coffey, Rosanna, Chalk, M., and J. Dilonardo. (2007). Increasing Interoperability in

Health Information Systems- What is the Value to Healthcare Stakeholders-

Consumers, Providers, State and Federal Governments and Taxpayers? Presented

at the Conference for Medicaid, Mental Health, and Substance Abuse Treatment,

January 24-25, 2007.

Hartwell, Stephanie. (2004). Triple Stigma: Persons with Mental Illness and Substance

31

Abuse Problems in the Criminal Justice System. Criminal Justice Policy Review,

March 2004, 15(1): 84-99.

Horvitz-Lennon, M., Kilbourne, A., and H.Pincus. (2006). From Silos to Bridges:

Meeting the General Health Care Needs of Adults with Severe Mental Illnesses.

Health Affairs, May/June 2006. 25(3): 659-669.

Institute of Medicine (2006). Improving the Quality of Health Care for Mental and

Substance-Use Conditions: Quality Chasm Series. Chapter 5: Coordinating Care

for Better Mental, Substance-Use, and General Health.

Jackman, Tom., (2009). Dual Disorders Rarely Treated Properly. The Washington Post,

July 28, 2009.

Jost, Timothy. (2006). Improving the Quality of Health Care for Mental and Substance-

Use Conditions: Quality Chasm Series. Appendix B: Constraints on Sharing

Mental Health and Substance-Use Treatment Information Imposed by Federal and

State Medical Privacy Laws. 2006.

Lindgren, Karen. (2009). Healthcare Data: Privacy and Security Issues in Medical

Informatics. Powerpoint Presentation. Masters of Medical Informatics 407.

Malek, Linda A. and Brian Krex. (2009). HIPAA and Mental Health Information:Know

the Law. Retrieved July 20, 2009 from:

http://library.ahima.org/xpedio/groups/public/documents/ahima/bok3

Mental Health: A Report of the Surgeon General. Chapter 7: Confidentiality of Mental

Health Information: Ethical, Legal, and Policy Issues. Retrieved July 30, 2009

from: http://www.surgeongeneral.gov/library/mentalhealth/chapter7/ref7.html

32

Munday, M.F.(2001). Silos of Care: If you‟re mentally ill and addicted to drugs, private

insurers may farm you out to public providers. Tucson Weekly, November 15,

2001. Retrieved July 27, 2009 from:

http://www.tucsonweekly.com/tucson/silos-of-care

Osher, F., Steadman, H., and H. Barr, (2003). A Best Practice Approach to Community

Reentry From Jails for Inmates with Co-Occurring Disorders: The APIC Model.

Crime and Delinquency, January 2003. 49(1) : 79-91.

Petrila, John. (2007). Some Thoughts on HIPAA and Cross-System Collaboration.

Presented at the CMS/SAMHSA Conference for Medicaid, Mental Health, and

Substance Abuse Treatment. January 24-25, 2007

U.S. Department of Health and Human Services. (2004). The Confidentiality of Alcohol

and Drug Abuse Patient Records Regulation and the HIPAA Privacy Rule:

Implications for Alcohol and Substance Abuse Programs. June 2004.

U.S. Department of Health and Human Services. (2009) Substance Abuse and Mental

Health Services Administration. Center for Substance Abuse Treatment. Know

your Rights.

U.S. Department of Health and Human Services. OCR Privacy Brief: Summary of the

HIPAA Privacy Rule. April 2003. pages 1-23.

Wikipedia (2009). American Recovery and Reinvestment Act of 2009. Retrieved

August 3, 2009 from:

http://wikipedia.org/wiki/American_Recovery_and_Reinvestment_Act_of_2009

33