There different aspects of health and even if a person’s health problem is caused by the person himself, it gives no one any right to use that person’s health information without the person’s permission. What is dangerous to a person’s psychological health is also dangerous to the person’s behavioral health. To this end, the Health Insurance Portability and Accountability Act (HIPAA) tries to protect individual’s behavioral health by ensuring that such information also come under the HIPAA’s Protected Health Information (PHI). If a health care provider collects substance abuse information about a patient, it will be treated as a Protected Health Information (PHI) and will only be disclosed or used with the patient’s authorization.
The Health Insurance Portability and Accountability Act (HIPAA) Rules makes it mandatory that a health care provider or its Business Associate (BA) protects any substance abuse information that is collected about a patient the same way any PHI would be protected. It is also important that you understand that there are other Privacy laws that is there to guide against unhealthy use and disclosure of a patient’s substance abuse information. There are state Privacy laws that are even more stringent with the handling of substance abuse information than the HIPAA. This implies that you might be complying with the HIPAA Privacy Rules but at the same time violating a state privacy law on the use and disclosure of a patient’s substance abuse information. In other to avoid this happening, you would have to review the state law where your practice is resident.
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule only allows you to disclose to another Covered Entity (CE) the health information of a patient without a patient’s authorization, except for psychotherapy notes made about the patient for the purposes of making treatment, payment, and health care operations, as long as no other state law applies.