Federal Initiatives Relating to Data Sharing
There are a variety of federal initiatives that have aimed to facilitate data sharing to benefit individual care. These include:
- The Health Insurance Portability and Accountability Act (HIPAA) of 1996 required the establishment of national data standards for health care business transactions. Standards have been set for eligibility determination, enrollment, and health care claims used in fee-for-service systems.
- HIPAA also required the adoption of the National Provider Identifier (NPI); a standard unique identifier for health care providers.
- The Health Information Technology initiative of 2004 of the U.S. Department of Health and Human Services set a ten-year goal of implementing electronic health records for most Americans.
- SAMHSA identified data sharing and electronic health records as major goals of its data strategy.
- The Medicaid Information Technology Architecture (MITA), created by the Centers for Medicare and Medicaid Services (CMS), aims to support improved care quality through integrated and patient-centered information systems and program administration. SAMHSA and CMS are collaborating to promote integration among Medicaid data systems, state mental health data systems, and state substance abuse data systems by using the MITA framework.
Strict laws and regulations about the confidentiality of individual's behavioral health information must be considered during efforts to improve data sharing. This includes:
- The HIPAA Privacy Rule which establishes requirements for the protection of identifiable health information
- The HIPAA Security Rule which establishes security standards for protected health information that is held or transferred in electronic form
- 42 CFR Part 2, the federal confidentiality regulation associated with substance abuse treatment
- Any applicable state laws or regulations.
While these rules put in place important data protections, they do not erect impossible barriers to data sharing. HIPAA allows disclosure of identified health data without the individual's consent under restricted circumstances, including for routine health care operations, public health activities, and research. However, disclosure requirements for substance abuse treatment data are more stringent; 42 CFR Part 2 permits disclosure and use of person-level substance abuse treatment data without client consent only for limited program purposes—audits, program evaluation, and research—but not for routine health care operations outside the organization. Thus, independent substance abuse treatment professionals may not share data about individual clients without client consent.
Data sharing strategies used by behavioral health agencies include:
- Designing an individual's consent into data systems
- Designating different levels of authorized access to personally identifiable information on a "need-to-know" basis
In addition, states with mental health and substance abuse departments in the same agency may be able to share information since both 42 CFR Part 2 and HIPAA permit sharing of personally identifiable information between components of the same organization with authority to collect the data.
The Behavioral Health Integrated Provider System, or BHIPS, is an internet-based computer system for behavioral health providers developed by the Texas Commission on Alcohol and Drug Abuse. BHIPS supports a comprehensive service delivery system. It provides a management information system that offers:
- cost efficient support of provider networks
- Web-based computerization of record keeping
- Data sharing within a service network
- Automated release of confidential information based on an individual's consent
- Role-based authorization to protected health information
- Support of state and federal reporting requirements
Resources and Links
This article describes how data systems can enhance care quality, with attention paid to confidentiality, and steps for reforming behavioral health data systems.
This document provides a summary of key elements of the HIPAA Privacy Rule including who is covered, what information is protected, and how protected health information can be used and disclosed.
The Confidentiality Of Alcohol And Drug Abuse Patient Records Regulation And The HIPAA Privacy Rule: Implications For Alcohol And Substance Abuse Programs
This document provides guidance to substance abuse treatment programs that are subject to and already complying with the confidentiality requirements of 42 CFR Part 2. It explains which programs must also comply with the HIPAA Privacy Rule and outlines what compliance will require.
This website provides an overview of the Behavioral Health Integrated Provider System, or BHIPS, a nationally-recognized, Davies Award-winning, Internet-based computer system for behavioral health providers that supports a comprehensive service delivery system. BHIPS facilitates integrated service provision, includes electronic client consent, and meets state and federal requirements for data reporting.