The U.S. Department of Health and Human Services (HHS) today displayed in the Federal Register a delegation of authority from Secretary Robert F. Kennedy, Jr., to the Office for Civil Rights (OCR) to administer and enforce the “Confidentiality of Substance Use Disorder (SUD) Patient Records” regulations at 42 CFR part 2 (“Part 2”), which protect the privacy of patients’ SUD treatment records.
In February 2024, HHS published a final rule modifying the Part 2 regulations to implement section 3221 of the Coronavirus Aid, Relief, and Economic Security (CARES) Act, to increase coordination among providers treating patients for SUDs, strengthen confidentiality protections through civil enforcement, align certain Part 2 requirements with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules, and enhance integration of behavioral health information with other medical records to improve patient health outcomes. The final rule provides the public with the ability to file complaints alleging violations of the Part 2 confidentiality provisions, requires Part 2 programs to provide notification of breaches of Part 2 records, and implements in regulation HHS’s civil enforcement authority, including the potential for civil money penalties for violations of Part 2.
The delegation of authority to OCR to administer and enforce the “Confidentiality of SUD Patient Records” regulations includes the authority to:
- Enter into resolution agreements, monetary settlements, and corrective action plans, or impose civil money penalties for failures to comply with these requirements;
- Issue subpoenas requiring the attendance and testimony of witnesses and the production of any evidence that relates to any matter under investigation or compliance review for failure to comply with these requirements; and
- Make decisions regarding the interpretation, implementation, and enforcement of these requirements.
Persons subject to these regulations must comply with the applicable requirements of the 2024 final rule by February 16, 2026.
A fact sheet on the final rule may be found at: https://www.hhs.gov/hipaa/for-professionals/regulatory-initiatives/fact-sheet-42-cfr-part-2-final-rule/index.html
Source: HHS OCR