HIPAA & SAMHSA 42 CFR Part 2 Updates: Ensure Compliance & Protect Patient Data

​This webinar will be addressing how practice/ business managers (or compliance officers) need to ensure their organization/ practice is complying with the new changes for the Federal Substance Abuse and Mental Health Administration (SAMHSA) regulations (42 CFR Part 2) and the HIPAA Privacy Rule.

​This webinar will cover the latest updates which were released in 2024 and cover multiple scenarios and FAQs relating to Substance Abuse Records, Mental Health Records, Alcohol Abuse Records, and the proper ways to secure this information and/or release this information. The webinar will also cover the new updates relating to the HIPAA Privacy Rule, specifically the Right of Access, Information Sharing, and Notice of Privacy Practices An overview of a comparative analysis will be presented comparing SAMHSA to the HIPAA laws relating to protected health information in general.

​Learning Objectives

• ​Understanding how to implement changes relating to SUD health records

• ​Understanding the 2024 HIPAA Privacy Updates

• ​How HIPAA and Part 2 are being merged

• ​Unique risks for SUD records

• ​Understanding consents (differences between HIPAA and SAMHSA)

• ​Emailing/ Texting PHI (do’s and don’ts)

• ​How to comply with new Part 2 rules

​Areas Covered in the Session

• ​What exactly is SAMHSA?

• ​What is the Vision?

• ​42 CFR Part 2

• ​Patient Record Confidentiality (CFR Title 42: Part 2)

• ​Confidentiality of Alcohol and Drug Abuse Patient Records (CFR Title 42: Part 2)

• ​Federal Assistance Checklist

• ​Does 42 CFR Part 2 Apply to My Practice?

  • ​Example 1: Opioid Treatment Program

  • ​Does Part 2 Apply To ABC?

  • ​Can ABC Disclose SUD Information?

  • ​How Can ABC Disclose?

  • ​Example 2: Mixed Use Facility

  • ​Example 3: Accountable Care Organization (ACO)

  • ​Example 4: Integrated Care Setting

• ​Medical Records Are Not Created Equal

• ​Separating SUD Records from Normal Medical Records

• ​SAMHSA vs HIPAA

• ​42 CFR Part 2 Rulemaking

• ​Issuance of the Notice of Proposed Rulemaking (NPRM)

• ​What Has Changed?

  • ​Compliance Date and Deadlines – Feb 16, 2026

  • ​Applicability and Re-Disclosure

  • ​Disposition of Records

  • ​Consent Requirements

  • ​Disclosures Permitted w/ Written Consent

  • ​Disclosures to Central Registries and PDMPs

  • ​Medical Emergencies

  • ​Audit and Evaluation

  • ​Undercover Agents and Informants

  • ​Other changes that Are implemented

• ​How can one get access to patient’s information under SAMHSA 42 CFR Part 2

• ​Train Staff on Email Hacking Tricks

• ​What is Ransomware?

• ​Ransomware - Major Concern for 2024 and Beyond

• ​What does OCR say?

• ​2024 Mobile Devices – Protect PHI

• ​Private Legal Remedies

• ​FAQ’s relating to Part 2 and HIPAA

• ​HIPAA Resources

• ​SAMHSA Resources

• ​Best Proactive Actions

​Suggested Attendees

• ​Healthcare Executive and Directors

• ​Physicians and NPPs

• ​Practice Managers

• ​Substance Abuse Clinics (Both for Profit and Non-Profit)

• ​Business Associated who Work with Mental Health, Substance Abuse, or Alcohol Abuse Records

• ​Medical Billing Companies

• ​Medical Billing Managers and Staff

• ​IT Officers

• ​Compliance Officers

• ​Home Health Agencies

• ​Healthcare Attorneys

• ​HIPAA Privacy Officers

• ​HIPAA Security Officers

• ​Information Security Officers

• ​Risk Managers

• ​Health Information Managers

• ​Medical Office Manager

• ​Healthcare Business associates (Shredding, data storage, systems vendors, billing services, etc.)

• ​Records Release Manager and Staff

​About the Presenter

​Brian L Tuttle is a Certified Professional in Health IT (CPHIT), Certified HIPAA Professional (CHP), Certified HIPAA Administrator (CHA), Certified Business Resilience Auditor (CBRA), Certified Information Systems Security Professional (CISSP) with over 22 years’ experience in Health IT and Compliance Consulting.

​With vast experience in health IT systems (i.e. practice management, EHR systems, imaging, transcription, medical messaging, etc.) as well as over 22 years’ experience in standard Health IT with multiple certifications and hands-on knowledge, Brian serves as compliance consultant and has conducted onsite and remote risk assessments for over 1000 medical practices, hospitals, health departments, insurance plans, and business associates throughout the United States.

​In addition, Mr. Tuttle has served in multiple litigated court cases serving as an expert witness offering input related to best practices and requirements for securing and providing patient access to protected health information.  Mr. Tuttle has also worked directly with the Office of Civil Rights (OCR) both in defending covered entities and business associates as well as being asked by the Federal government to audit covered entities and business associates on behalf of the OCR.

​Almost all of Brian’s clients are earned by referral with little or no advertising. Brian is well known and highly regarded in medical circles throughout the United States for his quality work and down home southern charm. Mr. Tuttle has a Master’s Degree in The Study of Law from the University of Georgia and operates nationally out of Swainsboro, GA.

​Additional Information

​System Requirement:

• ​Internet Speed: Preferably above 1 MBPS

• ​Headset: Any decent headset and microphone which can be used to hear clearly

​For more information, you can reach out to the below contact:

​Toll-Free No: 1-302-444-0162

​Email: care@skillacquire.com