Correspondence: Betty Tai, Center for the Clinical Trials Network, National Institute on Drug Abuse, 6001 Executive Blvd, Room 3120, Bethesda, MD 20892, USA, Tel +1 301 443 6697, Email vog.hin.liam@iatb
Copyright © 2011 Hu et al, publisher and licensee Dove Medical Press LtdThis is an Open Access article which permits unrestricted noncommercial use, provided the original work is properly cited.
Many Americans with substance use problems will have opportunities to receive coordinated health care through the integration of primary care and specialty care for substance use disorders under the Patient Protection and Affordable Care Act of 2010. Sharing of patient health records among care providers is essential to realize the benefits of electronic health records. Health information exchange through meaningful use of electronic health records can improve health care safety, quality, and efficiency. Implementation of electronic health records and health information exchange presents great opportunities for health care integration, but also makes patient privacy potentially vulnerable. Privacy issues are paramount for patients with substance use problems. This paper discusses major differences between two federal privacy laws associated with health care for substance use disorders, identifies health care problems created by privacy policies, and describes potential solutions to these problems through technology innovation and policy improvement.
Keywords: substance abuse, patient privacy, electronic health records, health information exchangeHealth information technology (HIT), briefly defined as electronic information systems used to support health care operations, is increasingly recognized as essential for the improvement of quality, safety, and efficiency in individual health care1,2 and public health.3 Wide implementation of HIT in US health care is long overdue. The most profound action with respect to HIT taken by the Obama administration and the US Congress was enactment of the Health Information Technology for Economic and Clinical Health Act.4,5 This legislation will provide a total of $19 billion in cash incentives to health care providers who implement and “meaningfully use” electronic health records (EHR) systems in the next few years.2
The required “meaningful use” of EHRs is expected to increase evidence-based medical practice, facilitate management of complicated chronic diseases, and reduce medical errors and control health care costs.6 Vista, the US Department of Veteran Affairs EHR system, for example, is one of the nation’s most comprehensive EHR systems. Diabetic patients in Vista have better control of timing of eye examinations, blood low-density lipoprotein cholesterol measurement, and hemoglobin A1c testing compared with patients in the private sector, where HIT is much less comprehensive.7 The cumulative net return of the investment in Vista was over $3 billion as of 2007.7
A key component of the “meaningful use” of EHRs is health information exchange (HIE) across traditional business boundaries in health care.3 Sharing information, such as sending a discharge summary to a patient’s subsequent care providers and transmitting and sharing laboratory results between a patient’s providers8 may improve health care quality and lead to cost reductions. HIE can save lives in an emergency when prompt diagnosis and treatment are crucial. HIE can also benefit public health through increased monitoring and analysis of aggregated health data.9
However, widespread implementation of EHRs and HIE raises concerns about potential breaches of the privacy, security, and confidentiality of individually identifiable health information (IIHI, ie, protected health information). The electronic transmission and sharing of IIHI among various entities over the Internet10 increases the numbers of people, chiefly providers and researchers, who see information considered to be private. Privacy issues are paramount for patients with substance use problems due to stigma, discrimination, potential prosecution, and loss of employment. The longstanding privacy concerns related to substance abuse health records are heightened by the widespread use of HIT, hindering the integration of primary health care and specialty care for substance abuse.11,12 These concerns, if not addressed and resolved properly, can deter patients from seeking treatment or providing accurate information to their care providers, and thus downgrade the value of EHRs for the care of patients with substance use problems. In response to these issues, this paper reviews and contrasts the two major federal laws impacting privacy protection for substance abusers seeking health care. Emphasis is placed on issues associated with the laws that must be addressed to provide adequate privacy protection and promote the integration of specialty substance abuse treatment with primary care.
The Health Insurance Portability and Accountability Act (HIPAA) of 199613 was the first federal law to address privacy and security standards broadly and provide federal protection for IIHI. HIPAA has been amended over the years to accommodate the advancement of HIT. Generally, it establishes national standards to protect individuals’ medical records and other personal health information from unwanted disclosure or use. A complete explanation of the HIPAA can be found under the Code of Federal Regulations (CFR) title 45, Parts 160, 162, and 164 (http://www.gpoaccess.gov/cfr/index.html). The HIPAA Privacy Rule provides federal protections for IIHI held by covered entities and gives patients the right to examine their health care records and to request corrections if they believe the records are inaccurate or misleading. The rules are balanced so that they provide protection of IIHI while permitting minimal necessary disclosure of health information without a patient’s authorization such as for treatment, payment, health care operations [§164.502 (a) (b)] or exceptional requirements allowed by law (§164.512, http://www.access.gpo.gov/nara/cfr/waisidx_07/45cfr164_07.html). Of note, the standards in the HIPAA Privacy Rule are minimum requirements for all health care providers, but may be insufficient to protect privacy and confidentiality of IIHI related to substance use conditions. Patients with substance use problems are generally cautious about substance use-related information in their health records due to the potential illegality of their behaviors. A breach of privacy can have a significantly negative impact on their health, employment, health insurance, social relationships, and even legal rights. The US Congress has long recognized that health information gathered from patients with substance use problems is especially sensitive. The Confidentiality of Alcohol and Drug Abuse Patient Records (42 CFR Part 2) regulations were issued in 197514 and revised in 1987.15 This has been a cornerstone in protecting the IIHI confidentiality of a drug abuse patient. 42 CFR Part 2 specifies that substance abuse treatment programs are not permitted to disclose any patient information that would directly or indirectly identify a patient having previous or current alcohol or drug abuse problems, unless the patient’s written consent is obtained. There are very limited exceptions to the requirement of written consent specified in 42 CFR Part 2. These include medical emergencies (Subpart D §2.51), qualified scientific research, audit or program evaluation (Subpart D §2.52–2.53), court ordered criminal investigation against patients or personnel of the program (Subpart E §2.61–2.67), and suspected child abuse or neglect [§2.12 (c) (6)].
Consent may not be required between administrative contact of two 42 CFR Part 2 programs, within the same program, or for organizations that have direct administrative control of the program [§2.12 (c) (3) (4)].16 However, the 42 CFR Part 2 regulations are not widely known by mainstream medical doctors because the regulations only apply to substance abuse treatment programs.
Violation of either regulation carries civil penalties. Enforcement of HIPAA was strengthened in 2009 to accommodate widespread implementation of HIT, HIE, and EHR pursuant to the Health Information Technology for Economic and Clinical Health Act, and fines can be up to $50,000 for each violation.17
The HIPAA has more flexible disclosure standards, but imposes stiffer penalties for violators, whereas 42 CFR Part 2 has more stringent disclosure standards, but imposes less severe penalties. Major differences in these two laws and regulations discussed above are summarized in Table 1 . 42 CFR Part 2 along with the HIPAA has provided a double layer of privacy protection for patients who seek care in substance abuse treatment programs. In addition, many states have their own privacy laws related to IIHI which cannot be overridden by federal laws.18,19 Therefore, the end result is that the most stringent law must be followed regarding disclosure of IIHI associated with substance use.
Major differences between HIPAA and 42 CFR Part 2
| HIPAA (45 CFR Parts 160, 162 and 164) | Confidentiality of alcohol and drug abuse patient records (42 CFR Part 2) |
|---|---|
| Applies to all health care providers | Applies only to federally funded facilities (directly or indirectly) specializing in substance abuse treatment. Private providers are not regulated |
| Permits minimal necessary disclosure of protected health information without patient authorization [§164.502 (a) (b), §164.512] | Requires written consent and authorization from patients for any IIHI disclosure to third parties (Subpart C §2.31) with few exceptions (Subpart C §2.33) |
| Civil penalty for each case of violation of HIPAA is at least $100 and up to $50,00017 | Civil penalty for first case of violation is $500, increased to $5000 for each additional case of violation (§2.4) |
| Patients have the right to access and examine their health care records and to request amendment [164.526 (a)] or accounting of disclosure of their protected health information [164.528 (a) (3)]. | Right of patients to access their health records is not prohibited [§2.23 (a)], but request of amendment or accounting of disclosure is not specified in the regulation. |
Abbreviations: HIPAA, Health Insurance Portability and Accountability Act of 1996; IIHI, individually identifiable health information; CFR, Code of Federal Regulations.
The limited application of 42 CFR Part 2 to specialty substance abuse treatment facilities and the discrepancies between HIPAA and Part 2 are becoming serious issues affecting the integration and coordination of health care for patients with substance use conditions. The implementation of 42 CFR Part 2 has increased trust between patients with substance use problems and their care providers in substance abuse treatment programs. However, it has also contributed to a separation of substance abuse specialty care from mainstream medical care. Separation of health care delivery systems creates two problems, ie, a lack of preventive and treatment measures in the primary care setting for substance use problems and a lack of effective communication and coordination among different types of health care delivery systems.
Patients who have substance use problems are not routinely screened or treated in the general medical care setting although the literature continues to show the cost-effectiveness of screening, early diagnosis, and intervention for substance use problems.20 For example, there is abundant evidence supporting screening and brief intervention for alcohol use problems among adults in primary care settings.21–32 Evidence is also emerging for the efficacy of screening and brief intervention for illicit drug use in primary care settings.33–37 Yet, screening and brief intervention are not routinely employed in primary care, let alone other general medical settings.23,24,38 The potential benefits of screening and brief intervention have pushed forward federal efforts to disseminate screening and brief intervention through federal demonstration pilot projects across the country.39 As we move closer to the integration of substance abuse specialty care and primary care, health care practitioners struggle to understand which regulations are applicable. The discrepancies and differences between the HIPAA and 42 CFR Part 2 cause considerable confusion for practitioners on how to provide services for patients with substance use problems appropriately without risking violation of privacy laws.
There would be very limited effective communication between these two types of providers if we were to integrate care without modifying either law. Failure in communication between primary care and substance abuse specialty care providers can cause critical medical errors and put patient safety at risk. For instance, if a substance abuse specialty care provider withholds a patient’s substance use records from the general medical doctor, the patient could die from overdose of opioids prescribed for pain management,40 or fatal drug-drug interactions.41,42 These issues have increasingly become a major public health threat in the US and in the world.42–44 The success of US health care reform with respect to treatment for substance abuse will largely depend on balancing the need for efficient and effective health care and the need for protection of patient privacy. Whether and how the HIPAA and 42 CFR Part 2 can be integrated and synchronized is one of the keys to the integration of primary and substance abuse specialty care. The innovation of health information technology can help accelerate the integration, but must be governed by meaningful and practical policies. Next, we will discuss challenges and opportunities of both technologies and policies in confronting privacy issues.
Health data segmentation is a practice rooted in various federal and state laws addressing the stigma against alcohol and drug abusers. It is “the process of sequestering from capturing, accessing or viewing certain data elements that are perceived by a legal entity, institution, organization, or individual as being undesirable to share”.45 IIHI, such as genetic information, psychotherapy notes, and substance abuse treatment records, can be sequestered and prevented from disclosure through data segmentation technology. Data segmentation in the context of national EHR and HIE systems must be more complicated than that in the “paper” health care systems or within a closed local computerized system, systems on which the concept was formulated. To allow workable segmentation, substance use-related information must be entered using specific structures and codes. Free text is not accepted for programming segmentation.45 This requirement can be challenging for practitioners accustomed to writing text notes to record behavioral health medical histories. Data segmentation must be ruled by the degree of consent granted by the patient. A patient’s Consent Directive is their own privacy policy about what IIHI is to be disclosed, to whom, under what circumstances, and in which period of time. A Consent Directive could become considerably sophisticated with the ability to protect patient autonomy and privacy through masking information undesired for disclosure. A Consent Directive can include instructions for overriding the “masking”, in which individuals (eg, patient’s preauthorized physicians) who have permission to access the “shared secrets” can override the masking of IIHI under a specific condition. For patients with substance use problems, a Consent Directive may be especially effective against undue disclosure of medical information, enhancing consumer satisfaction with and trust in modern EHR systems. However, an unintended consequence of granular or inconsistent consent policies is that access to a patient’s critical health record could become so complicated and costly that health care providers might be deterred from retrieving and using the health records for appropriate health care.
A recent Consent Directive data standardization milestone in May 2010 was the release of the HL7 Implementation Guide for Clinical Data Architecture Release 2.0 based on the mapping of HL7 Version 3 Domain Analysis Model: Medical Records and Composite Privacy Consent Directive Domain Analysis Model Data Standard for Trial Use Release 2.46 The domain analysis model will enable the automation of data segmentation in serving Consent Directive and privacy protection. The domain analysis model includes the following core electronic consent options:47 no consent; opt out (default option is included for HIE, but patients can opt out completely); opt out with exceptions (default option is included for HIE, but patients can completely or partially opt out); opt in (default option is not included for HIE, with option for all opt out); and opt in with restrictions (default option is not included for HIE, but with options for partial selected data for HIE).46 At this point, data segmentation automation technology is still at its infancy. In August 2010, the Policy and Security Tiger Team workgroup recommended to the Office of National Coordinator for Health Information Technology, an organization within the Department of Health and Human Services to oversee the HIT development and implementation, that “it is critical to educate patients to understand to which level their preferences can be practically honored before a technical solution for data segmentation is applied”.48 Although data segmentation and automation are technically complex, policy challenges involving human factors are even more arduous.
Privacy policy-makers need to first define what is “ sensitive” information in the EHR. In general, information that potentially harms a patient either physically, socially, psychologically, or economically in the event of disclosure is considered “sensitive” health information. The National Committee on Vital and Health Statistics has recently refined their recommended categories of sensitive information to include genetic information, psychotherapy notes, substance abuse treatment records, sexually transmitted diseases, mental health, children/adolescent sexuality, and reproductive health information.49 However, the definition of “sensitive information” can be subjective because different people have different perspectives in this regard. Hence, an agreement upon “sensitive information” among various stakeholders, especially among patients, health care providers, and payers will be essential to policy-making. On the other hand, one must recognize that data segmentation is not the purpose, but rather a procedure to protect patient privacy. Segmented data should be made accessible for relevant health care purposes. Only better communication would lead to better health care.
It is essential to determine who has the authority to control information disclosure and what limits can be placed on that authority. Patients with sensitive substance use information are likely to desire to have full or partial control of their IIHI. In an Agency for Healthcare Research and Quality 2009 consumer engagement focus group study, almost all consumers reported that they should be given some control over how their health data should be shared.50 The report implies the importance of engaging health care consumers in the data segmentation process. In contrast with patients, health care providers may feel they must have sufficient accessibility to patients’ critical health data to ensure the quality of care and the accuracy of the health records.
While the EHR system provides an excellent platform for data sharing, the benefits of EHRs cannot be fully realized without sharing critical health information, such as a patient’s prescription records of controlled substance use, and history of alcohol and illicit drug use. American public health has been seriously challenged by a five-fold increase in opioid overdose-caused deaths coinciding with a ten-fold increase in prescribed opioids over the last two decades.40,51 To confront both this public health crisis and increased privacy concerns in the HIT era, policy-makers must determine whether, when, and how to modify and reconcile federal and state regulations and policies. Americans may then harvest the most returns from the massive federal investment in the EHR system.
Further, inhibiting the disclosure of critical IIHI can be as harmful as undesired disclosure of IIHI, and raises ethical questions. Of note, neither the HIPAA nor 42 CFR (Part 2) has explicitly stated a health care provider’s responsibility or obligation to disclose any IIHI, including potentially harmful health information. For instance, should a health care provider disclose a school bus driver patient’s alcoholism to a third party even if the patient does not authorize it? In such a case, abiding by privacy laws may contradict a physician’s “do no harm” Hippocratic Oath. When privacy laws, which are created for ethical reasons, force a physician to choose against ethical principles, should we consider revision of the policy? If sacrificing one person’s privacy can protect the lives of hundreds of others, is it fair to choose to protect more and innocent lives? The amendment of 42 CFR Part 2 to permit disclosure of substance abuse patients’ IIHI without authorization against suspected child abuse or neglect is a good example of federal action to protect child welfare [42 CFR Part 2 §2.63 (a) (1), §2.12 (c) (6)].
Indeed, the tension between promoting safe, effective health care and protecting patient privacy has increased recently. An amendment to 42 CFR Part 2 was proposed by a committee of attorneys with the aim of easing health care providers’ access to patients’ IIHI for necessary health care needs.52 One of the main proposed modifications for 42 CFR Part 2 was to remove the requirement of written consent for any disclosure associated with IIHI, and instead permit “minimum necessary disclosure” without written consent, which is a privacy standard covered under HIPAA. The proposal triggered strong opposition from patient privacy rights groups that have been strongly recommending the consent requirement in 42 CFR Part 2 be extended to all medical practice and incorporated into the “meaningful use” of EHR stage 2 criteria.53,54 Indeed, it would not make sense to modify 42 CFR Part 2 against patients’ wishes because privacy protection is a priority for many patients with substance use problems. Lessons learned from the Massachusetts eHealth Collaborative are that a successful HIE model “can only be as good as patients’ willingness to share their medical data”.55 The Department of Health and Human Services and Substance Abuse and Mental Health Services Administration have been exploring technical solutions within the legal framework of HIPAA and 42 CFR Part 2 laws and regulations.16,56
There remains tension between patient privacy concerns and public health good until adequate technical and regulatory solutions are in place. It may take years to solve these problems given the complexity of US health care systems. Perhaps important lessons can be learned from other health care systems, such as those implemented by the Europeans and Canadians, who have experience in optimizing their national EHR and HIE projects.57 As the US is moving forward to develop the most appropriate HIE models and privacy policies, “building trust” and establishing solid accountability mechanisms are essential to promote the implementation of EHRs and HIE.12,58,59 Trust built upon separation of health care must be replaced by trust within a competent, trustful, and integrated health care system.
The promise of new health care reform in reducing disparities for underserved patients with substance use problems will not be realized if critical health records cannot be shared as needed between health care providers. However, inconsistencies in the existing privacy laws and their implementing regulations must be resolved through advanced information technologies and improvement of health information regulations to ensure meaningful health care integration. Appropriate models for HIE and EHRs are under development to accommodate the established federal and states laws governing the sharing of health information of patients with substance use problems. Federal and state governments must support innovations in health information technology and take action to amend privacy policies. A meaningful and practical privacy policy should provide good balance between the need for protecting patient privacy and the need for health care providers to access critical patient health information. The integration of primary care and substance abuse specialty care will not be feasible, meaningful, or sustainable until this balance is reached.
Disclosures
BT and SS are employees of the Center for the Clinical Trials Network of the National Institute on Drug Abuse, the National Institutes of Health, the funding agency for the National Drug Abuse Treatment Clinical Trials Network. The opinions expressed in this manuscript are those of the authors and do not represent the official position of the US government. LLH has no disclosures to report.
1. Chaudhry B, Wang J, Wu S, et al. Systematic review: impact of health information technology on quality, efficiency, and costs of medical care. Ann Intern Med. 2006 May 16; 144 (10):742–752. [PubMed] [Google Scholar]
2. Blumenthal D. Stimulating the adoption of health information technology. N Engl J Med. 2009 Apr 9; 360 (15):1477–1479. [PubMed] [Google Scholar]
3. Hersh W. A stimulus to define informatics and health information technology. BMC Med Inform Decis Mak. 2009; 9 :24. [PMC free article] [PubMed] [Google Scholar]
4. United States. Congress (111th Congress Public Law 5) Stimulus: American Recovery and Reinvestment Act of 2009 Public Law 111–5 Official Text. Lanham, MD: Government Institutes/Bernan Press; 2009. [Google Scholar]
5. Centers for Medicare and Medicaid Services Medicare and Medicaid programs; electronic health record incentive program. Final rule Fed Regist. 2010 Jul 28; 75 (144):44313–44588. [PubMed] [Google Scholar]
6. O’Connor PJ, Sperl-Hillen JM, Rush WA, et al. Impact of electronic health record clinical decision support on diabetes care: a randomized trial. Ann Fam Med. 2011 Jan-Feb; 9 (1):12–21. [PMC free article] [PubMed] [Google Scholar]
7. Byrne CM, Mercincavage LM, Pan EC, Vincent AG, Johnston DS, Middleton B. The value from investments in health information technology at the US Department of Veterans Affairs. Health Aff (Mill-wood) 2010 Apr; 29 (4):629–638. [PubMed] [Google Scholar]
8. Kuperman GJ. Health-information exchange: why are we doing it, and what are we doing? J Am Med Inform Assoc. 2011 Jun 14; [PMC free article] [PubMed] [Google Scholar]
9. Shapiro JS, Mostashari F, Hripcsak G, Soulakis N, Kuperman G. Using health information exchange to improve public health. Am J Public Health. 2011 Apr; 101 (4):616–623. [PMC free article] [PubMed] [Google Scholar]
10. Simon SR, Evans JS, Benjamin A, Delano D, Bates DW. Patients’ attitudes toward electronic health information exchange: qualitative study. J Med Internet Res. 2009; 11 (3):e30. [PMC free article] [PubMed] [Google Scholar]
11. Salomon RM, Blackford JU, Rosenbloom ST, et al. Openness of patients’ reporting with use of electronic records: psychiatric clinicians’ views. J Am Med Inform Assoc. 2010 Jan-Feb; 17 (1):54–60. [PMC free article] [PubMed] [Google Scholar]
12. McGraw D, Dempsey JX, Harris L, Goldman J. Privacy as an enabler, not an impediment: building trust into health information exchange. Health Aff (Millwood) 2009 Mar-Apr; 28 (2):416–427. [PubMed] [Google Scholar]
13. United States. Congress (104th 2nd session: 1996) Health Insurance Portability and Accountability Act of 1996: Conference report (to accompany HR 3103) Washington, DC: US GPO; 1996. [Google Scholar]
14. US Department of Health Education and Welfare Confidentiality of alcohol and drug abuse patient records. Fed Regist. 1975 May 9; 40 (91):20522–20542. [PubMed] [Google Scholar]
15. US Department of Health and Human Services Confidentiality of alcohol and drug abuse patient records–PHS. Final rule Fed Regist. 1987 Jun 9; 52 (110):21796–21814. [PubMed] [Google Scholar]
16. Substance Abuse and Mental Health Services Administration (SAMHSA) The Confidentiality of Alcohol and Drug Abuse Patient Records Regulation and The HIPAA Privacy Rule: Implications for Alcohol and Substance Abuse Programs 2004http://www.samhsa.gov/HealthPrivacy/docs/SAMHSAPart2-HIPAAComparison2004.pdfAccessed July 10, 2011
17. US Department of Health and Human Services HIPAA administrative simplification: enforcement. Interim final rule; request for comments. Fed Regist. 2009 Oct 30; 74 (209):56123–56131. [PubMed] [Google Scholar]
18. National Institutes of Health (NIH) How Do Other Privacy Protections Interact With the Privacy Rule? HIPAA Privacy Rule Information for Researchers [Government Educational Material]2007http://privacyruleandresearch.nih.gov/pr_05.aspAccessed July 14, 2011
19. New York State Office of Mental Health New York State Office of Mental Health HIPAA Preemption Analysis HIPAA Home 2011http://www.omh.state.ny.us/omhweb/hipaa/preemption_html/mhlarticlefederallaw.htmAccessed July 10, 2011
20. Phillips RL, Jr, Bazemore AW. Primary care and why it matters for US health system reform. Health Aff (Millwood) 2010 May; 29 (5):806–810. [PubMed] [Google Scholar]
21. Saitz R, Palfai TP, Cheng DM, et al. Brief intervention for medical inpatients with unhealthy alcohol use: a randomized, controlled trial. Ann Intern Med. 2007 Feb 6; 146 (3):167–176. [PubMed] [Google Scholar]
22. Maciosek MV, Coffield AB, Edwards NM, Flottemesch TJ, Goodman MJ, Solberg LI. Priorities among effective clinical preventive services: results of a systematic review and analysis. Am J Prev Med. 2006 Jul; 31 (1):52–61. [PubMed] [Google Scholar]
23. Fleming MF, Mundt MP, French MT, Manwell LB, Stauffacher EA, Barry KL. Benefit-cost analysis of brief physician advice with problem drinkers in primary care settings. Med Care. 2000 Jan; 38 (1):7–18. [PubMed] [Google Scholar]
24. Bradley KA, Williams EC, Achtmeyer CE, Volpp B, Collins BJ, Kivlahan DR. Implementation of evidence-based alcohol screening in the Veterans Health Administration. Am J Manag Care. 2006 Oct; 12 (10):597–606. [PubMed] [Google Scholar]
25. Ballesteros J, Duffy JC, Querejeta I, Arino J, Gonzalez-Pinto A. Effi-cacy of brief interventions for hazardous drinkers in primary care: systematic review and meta-analyses. Alcohol Clin Exp Res. 2004 Apr; 28 (4):608–618. [PubMed] [Google Scholar]
26. Madras BK, Compton WM, Avula D, Stegbauer T, Stein JB, Clark HW. Screening, brief interventions, referral to treatment (SBIRT) for illicit drug and alcohol use at multiple healthcare sites: comparison at intake and 6 months later. Drug Alcohol Depend. 2009 Jan 1; 99 (1–3):280–295. [PMC free article] [PubMed] [Google Scholar]
27. Smith PC, Schmidt SM, Allensworth-Davies D, Saitz R. Primary care validation of a single-question alcohol screening test. J Gen Intern Med. 2009 Jul; 24 (7):783–788. [PMC free article] [PubMed] [Google Scholar]
28. Fleming MF, Graham AW. Screening and brief interventions for alcohol use disorders in managed care settings. Recent Dev Alcohol. 2001; 15 :393–416. [PubMed] [Google Scholar]
29. Saitz R, Horton NJ, Cheng DM, Samet JH. Alcohol counseling reflects higher quality of primary care. J Gen Intern Med. 2008 Sep; 23 (9):1482–1486. [PMC free article] [PubMed] [Google Scholar]
30. US Preventive Services Task Force Screening and behavioral counseling interventions in primary care to reduce alcohol misuse: recommendation statement. Ann Intern Med. 2004 Apr 6; 140 (7):554–556. [PubMed] [Google Scholar]
31. Bertholet N, Daeppen JB, Wietlisbach V, Fleming M, Burnand B. Reduction of alcohol consumption by brief alcohol intervention in primary care: systematic review and meta-analysis. Arch Intern Med. 2005 May 9; 165 (9):986–995. [PubMed] [Google Scholar]
32. Fleming MF. Screening and brief intervention in primary care settings. Alcohol Res Health. 2004; 28 (2):57–62. [PMC free article] [PubMed] [Google Scholar]
33. Smith PC, Schmidt SM, Allensworth-Davies D, Saitz R. A single-question screening test for drug use in primary care. Arch Intern Med. 2010 Jul 12; 170 (13):1155–1160. [PMC free article] [PubMed] [Google Scholar]
34. Office of National Drug Control Policy (ONDPC) Screening and Brief Intervention. Washington DC: The White House; 2008. [Google Scholar]
35. Saitz R, Alford DP, Bernstein J, Cheng DM, Samet J, Palfai T. Screening and brief intervention for unhealthy drug use in primary care settings: randomized clinical trials are needed. J Addict Med. 2010 Sep; 4 (3):123–130. [PMC free article] [PubMed] [Google Scholar]
36. Gordon AJ, Fiellin DA, Friedmann PD, et al. Update in addiction medicine for the primary care clinician. J Gen Intern Med. 2008 Dec; 23 (12):2112–2116. [PMC free article] [PubMed] [Google Scholar]
37. Saitz R, Horton NJ, Larson MJ, Winter M, Samet JH. Primary medical care and reductions in addiction severity: a prospective cohort study. Addiction. 2005 Jan; 100 (1):70–78. [PubMed] [Google Scholar]
38. Mulia N, Schmidt LA, Ye Y, Greenfield TK. Preventing disparities in alcohol screening and brief intervention: The need to move beyond primary care. Alcohol Clin Exp Res. 2011 May 20; [PMC free article] [PubMed] [Google Scholar]
39. Office of National Drug Control Policy (ONDCP) Screening, Brief Intervention, Referral and Treatment 2008http://www.whitehouse-drugpolicy.gov/publications/pdf/screen_brief_intv.pdfAccessed July 25, 2011
40. Paulozzi LJ, Weisler RH, Patkar AA. A national epidemic of unintentional prescription opioid overdose deaths: how physicians can help control it. J Clin Psychiatry. 2011 May; 72 (5):589–592. [PubMed] [Google Scholar]
41. Burrows DL, Hagardorn AN, Harlan GC, Wallen ED, Ferslew KE. A fatal drug interaction between oxycodone and clonazepam. J Forensic Sci. 2003 May; 48 (3):683–686. [PubMed] [Google Scholar]
42. Phillips DP, Barker GE, Eguchi MM. A steep increase in domestic fatal medication errors with use of alcohol and/or street drugs. Arch Intern Med. 2008 Jul 28; 168 (14):1561–1566. [PubMed] [Google Scholar]
43. Jones AW, Kugelberg FC, Holmgren A, Ahlner J. Drug poisoning deaths in Sweden show a predominance of ethanol in mono-intoxications, adverse drug-alcohol interactions and poly-drug use. Forensic Sci Int. 2011 Mar 20; 206 (1–3):43–51. [PubMed] [Google Scholar]
44. Rehm J, Mathers C, Popova S, Thavorncharoensap M, Teerawattananon Y, Patra J. Global burden of disease and injury and economic cost attributable to alcohol use and alcohol-use disorders. Lancet. 2009 Jun 27; 373 (9682):2223–2233. [PubMed] [Google Scholar]
45. Goldstein MM, Rein AL, Heesters MM. Data Segmentation In Electronic Health Information Exchange Privacy and Security Whitepa-per Series 2010http://healthit.hhs.gov/portal/server.pt?open=512&objID=1147&parentname=CommunityPage&parentid=10&mode=2&in_hi_userid=11113&cached=true&in_hi_userid=11673Accessed April 27, 2011
46. Health Level Seven . ConsentDirective_CDA_IG_DSTU. Ann Arbor, MI: Health Level Seven, Inc; 2010. Implementation Guide for CDA Release 2.0 Privacy Consent Directive Draft Standard for Trial Use Levels 1, 2 and 3 Universal Realm. [Google Scholar]
47. Goldstein MM, Rein AL. Consumer Consent Options for Electronic Health Information Exchange: Policy Considerations and Analysis Privacy and Security Whitepaper Series 2010http://healthit.hhs.gov/portal/server.pt?open=512&objID=1147&parentname=CommunityPage&parentid=10&mode=2&in_hi_userid=11113&cached=true&in_hi_userid=11673Accessed July 10, 2011
48. Privacy and Security Tiger Team Draft Letter to David Blumenthal, Chair, HIT Policy Committee Privacy and Security Tiger Team: Past Meetings (Aug 16 2010) 2010http://healthit.hhs.gov/portal/server.pt?open=512&mode=2&objID=2833&PageID=19477Accessed July 18, 2011
49. National Committee on Vital and Health Statistics (NCVHS) Recommendations Regarding Sensitive Health Information 2010http://www.ncvhs.hhs.gov/101110lt.pdfAccessed July 18, 2011
50. Schneider SJ, Kerwin J, Robins C, Dean D. Consumer Engagement in Developing Electronic Health Information Systems Final Report. Rockville, Maryland: Agency for Healthcare Research and Quality, US Department of Health and Human Services; 2009. AHRQ Publication No. 09-0081-EF July 2009. [Google Scholar]
51. Centers for Disease Controls and Prevention Prescription Drug Overdoses: An American Epidemic Public Health Grand Rounds 2011http://www.cdc.gov/about/grand-rounds/archives/2011/01-February.htmAccessed July 25, 2011
52. The Patient Protection Coalition A Proposal to Promote Coordination of Care and to Strengthening Patient Protections under the Federal Alcohol and Drug Abuse Confidentiality Law Febuary 2010www.law.virginia.edu/pdf/faculty/bonnie_patientprotection.pdfAccessed April 27, 2011
53. Deborah CP. Re: HIT policy committee meaningful use workgroup request for comments regarding meaningful use stage 2 February252011http://patientprivacyrights.org/wp-content/uploads/2011/03/PPR-MU-Stage-2-Comments.pdfAccessed April 27, 2011
54. Legal Action Center Confidentiality of alcohol and drug records in the 21st century Executive Summary Policy Papers January2010http://www.lac.org/doc_library/lac/publications/Confidentiality_of_Alcohol_and_Drug_Records_in_the_21st_Century-1-20-10.pdfAccessed July 10, 2011
55. Tripathi M, Delano D, Lund B, Rudolph L. Engaging patients for health information exchange. Health Aff (Millwood) 2009 Mar-Apr; 28 (2):435–443. [PubMed] [Google Scholar]
56. Substance Abuse and Mental Health Services Administration (SAMHSA) Frequently Asked Questions: Applying the Substance Abuse Confidentiality Regulations to Health Information Exchange (HIE) 2010http://www.samhsa.gov/HealthPrivacy/docs/EHR-FAQs.pdfAccessed July 14, 2011
57. Pritts J, Connor K. The Implementation of E-consent Mechanisms in Three Countries: Canada, England, and the Netherlands (The ability to mask or limit access to health data) 2007http://www.samhsa.gov/HealthPrivacy/docs/Privacy-eConsent-ThreeCountries.pdfAccessed July 16, 2011
58. Gravely SD, Whaley ES. The next step in health data exchanges: trust and privacy in exchange networks. J Healthc Inf Manag Spring. 2009; 23 (2):33–37. [PubMed] [Google Scholar]