Navigating Confidentiality in First Responder Deflection
CoE-PHI Resource Describing How Privacy Laws Apply to First Responders
First responders often gain access to sensitive information about people’s substance use disorders (SUD) and treatment. Protecting the privacy of this information is key to these individuals’ recovery. It also is required by law.
This resource explains the limited circumstances under which two federal privacy laws apply to SUD information obtained by first responders. It also describes how these laws permit first responders to share protected health information.
Please note that the CoE-PHI Team is currently working on an updated version of this resource that will reflect the 2024 final rule changes to 42 CFR Part 2.
Key Points
- First responders only are required to follow HIPAA if they are a “covered entity.” To be a covered entity, they need to provide healthcare and transmit health information electronically for certain transactions, such as billing.
- Part 2 only applies to “Part 2 programs” and “lawful holders.” First responders will rarely be a Part 2 program, which generally is a program that primarily provides SUD treatment.
- First responders who receive patient records from a Part 2 program will become a “lawful holder.” As a lawful holder, they must follow Part 2’s privacy and security restrictions for that information.
Type
Laws
Author
- CoE-PHI
Date
May 2022