42 C.F.R. Subpart D—Disclosures Without Patient Consent
Title 42 - Public Health
(a) General Rule. Under the procedures required by paragraph (c) of this section, patient identifying information may be disclosed to medical personnel who have a need for information about a patient for the purpose of treating a condition which poses an immediate threat to the health of any individual and which requires immediate medical intervention. (b) Special Rule. Patient identifying information may be disclosed to medical personnel of the Food and Drug Administration (FDA) who assert a reason to believe that the health of any individual may be threatened by an error in the manufacture, labeling, or sale of a product under FDA jurisdiction, and that the information will be used for the exclusive purpose of notifying patients or their physicians of potential dangers. (c) Procedures. Immediately following disclosure, the program shall document the disclosure in the patient's records, setting forth in writing: (1) The name of the medical personnel to whom disclosure was made and their affiliation with any health care facility; (2) The name of the individual making the disclosure; (3) The date and time of the disclosure; and (4) The nature of the emergency (or error, if the report was to FDA).
Title 42: Public Health
PART 2—CONFIDENTIALITY OF ALCOHOL AND DRUG ABUSE PATIENT RECORDS
Subpart D—Disclosures Without Patient Consent
§ 2.51 Medical emergencies.
§ 2.52 Research activities.
(a) Patient identifying information may be disclosed for the purpose of conducting scientific research if the program director makes a determination that the recipient of the patient identifying information:
(1) Is qualified to conduct the research;
(2) Has a research protocol under which the patient identifying information:
(i) Will be maintained in accordance with the security requirements of §2.16 of these regulations (or more stringent requirements); and
(ii) Will not be redisclosed except as permitted under paragraph (b) of this section; and
(3) Has provided a satisfactory written statement that a group of three or more individuals who are independent of the research project has reviewed the protocol and determined that:
(i) The rights and welfare of patients will be adequately protected; and
(ii) The risks in disclosing patient identifying information are outweighed by the potential benefits of the research.
(b) A person conducting research may disclose patient identifying information obtained under paragraph (a) of this section only back to the program from which that information was obtained and may not identify any individual patient in any report of that research or otherwise disclose patient identities.
[52 FR 21809, June 9, 1987, as amended at 52 FR 41997, Nov. 2, 1987]
§ 2.53 Audit and evaluation activities.
(a) Records not copied or removed. If patient records are not copied or removed, patient identifying information may be disclosed in the course of a review of records on program premises to any person who agrees in writing to comply with the limitations on redisclosure and use in paragraph (d) of this section and who:
(1) Performs the audit or evaluation activity on behalf of:
(i) Any Federal, State, or local governmental agency which provides financial assistance to the program or is authorized by law to regulate its activities; or
(ii) Any private person which provides financial assistance to the program, which is a third party payer covering patients in the program, or which is a quality improvement organization performing a utilization or quality control review; or
(2) Is determined by the program director to be qualified to conduct the audit or evaluation activities.
(b) Copying or removal of records. Records containing patient identifying information may be copied or removed from program premises by any person who:
(1) Agrees in writing to:
(i) Maintain the patient identifying information in accordance with the security requirements provided in §2.16 of these regulations (or more stringent requirements);
(ii) Destroy all the patient identifying information upon completion of the audit or evaluation; and
(iii) Comply with the limitations on disclosure and use in paragraph (d) of this section; and
(2) Performs the audit or evaluation activity on behalf of:
(i) Any Federal, State, or local governmental agency which provides financial assistance to the program or is authorized by law to regulate its activities; or
(ii) Any private person which provides financial assistance to the program, which is a third part payer covering patients in the program, or which is a quality improvement organization performing a utilization or quality control review.
(c) Medicare or Medicaid audit or evaluation. (1) For purposes of Medicare or Medicaid audit or evaluation under this section, audit or evaluation includes a civil or administrative investigation of the program by any Federal, State, or local agency responsible for oversight of the Medicare or Medicaid program and includes administrative enforcement, against the program by the agency, of any remedy authorized by law to be imposed as a result of the findings of the investigation.
(2) Consistent with the definition of program in §2.11, program includes an employee of, or provider of medical services under, the program when the employee or provider is the subject of a civil investigation or administrative remedy, as those terms are used in paragraph (c)(1) of this section.
(3) If a disclosure to a person is authorized under this section for a Medicare or Medicaid audit or evaluation, including a civil investigation or administrative remedy, as those terms are used in paragraph (c)(1) of this section, then a quality improvement organization which obtains the information under paragraph (a) or (b) may disclose the information to that person but only for purposes of Medicare or Medicaid audit or evaluation.
(4) The provisions of this paragraph do not authorize the agency, the program, or any other person to disclose or use patient identifying information obtained during the audit or evaluation for any purposes other than those necessary to complete the Medicare or Medicaid audit or evaluation activity as specified in this paragraph.
(d) Limitations on disclosure and use. Except as provided in paragraph (c) of this section, patient identifying information disclosed under this section may be disclosed only back to the program from which it was obtained and used only to carry out an audit or evaluation purpose or to investigate or prosecute criminal or other activities, as authorized by a court order entered under §2.66 of these regulations.
Browse Previous | Browse Next
