Confidentiality of Substance Use Disorder Patient Records Rule
Rooted in 1970s laws, this rule protects patient-identifying information held by federally funded substance abuse treatment programs. It requires written consent, restricts redisclosure, and lists narrow exceptions. Violations are criminal ($500 first, $5,000 subsequent). It does not preempt stricter state law.
This rule descends from the 1970 Comprehensive Alcohol Abuse Act and the 1972 Drug Abuse Prevention Act. It covers Patient-identifying information held by a Program that receives federal funding and provides substance abuse diagnosis, treatment, or referral. It also restricts information that could substantiate criminal charges about drug or alcohol use.
Disclosure requires written patient consent; a general designation may permit disclosure to entities with a treating relationship, and the patient may request a list of recipients. Redisclosure of identifying information is prohibited.
- Medical emergencies
- Scientific research
- Audits and evaluations
- Communications with a qualified service organization (QSO)
- Crimes on program premises or against program personnel
- Child abuse reporting
- Court order
Violations are criminal: a first offense is fined no more than $500, subsequent offenses no more than $5,000, reported to the U.S. Attorney's Office. Entities are likely also subject to HIPAA, and the rule does not preempt stricter state law.