Colin J. Zick writes:
On November, 7, 2025, I spoke to the Massachusetts Health Information Management Association about the federal government’s sweeping updates to 42 CFR Part 2—the confidentiality rules governing substance use disorder (SUD) records—to better align with HIPAA while preserving Part 2’s core patient protections. Issued in April 2024 with a two-year runway, the rule becomes enforceable on February 16, 2026. Organizations subject to Part 2 should be executing their implementation plans now to update notices, consents, contracts, workflows, and training.
At a high level, the revisions modernize consent to support integrated care; harmonize definitions, notices, enforcement, and breach obligations with HIPAA; and maintain strict limits on using SUD records against patients in legal proceedings. What follows is a concise summary of the most consequential changes and their operational implications.
The most significant change is the introduction of a single, durable patient consent that authorizes future uses and disclosures of Part 2 records for treatment, payment, and health care operations. Once a HIPAA covered entity or business associate receives Part 2 records under this consent, it may use and redisclose the records in accordance with HIPAA.
Read more at Foley Hoag.