Good afternoon everyone. My name is Dina Passman and I am Public Health Advisor on SAMHSA’s Health Information Technology Team. I want to welcome everyone to today’s webinar on 42 CFR Part 2: Beliefs and Scenarios. This is the second webinar in our SAMHSA Health IT summer webinar serial. Before we begin, there are few housekeeping parts for today’s webinar. First of all, this webinar is being recorded and will be made available on SAMHSA’s website in the near future. In addition, a PDF version of the slide deck will be sent to attendees following the webinar, which you can feel free to share with friends and collaborators. All strings are currently softened. If you have questions for the presenters, satisfy sort them into the questions box in the GoToWebinar panel on the right hand side of your screen. Finally, at the end of the webinar we will have a question and answer session in order to address all matters that you may have.We looked forward to receiving doing that with you. The purpose and learning objectives of today’s webinar are as follows: To learn more about the legal implications of the HIPAA Privacy Rule and 42 CFR Part 2, which I will exactly call “Part 2” now to save some of my breath. We are going to review the mechanisms of working with 42 CFR Part 2( I lied) to share information between providers and finally to understand how electronic health records and their current health IT environment influences compliance with Part 2. As a quick rejection, this webiner is for information purposes simply and is not intended as legal advice. Specific questions regarding federal regulation should be allocated to your legal counsel in addition to any commonwealth or regional regulations that may apply here. We are lucky to have 3 experts with us today who will lead us through this investigate of 42 CFR Part 2. They include Kate Tipping, Deborah Reid and Katie O’Neil. Kate Tipping is a Public Health Advisor at SAMHSA and a are part of the SAMHSA Health IT Team.Previously she was a Policy Analyst at the Office of the National Coordinator for Health Information Technology, or ONC. She was also a Public Health Analyst at the Health Resource and Assistance Administration, or HRSA. Deborah Reid is a Senior Health Policy Attorney at the Legal Action Center in New York City. Ms. Reid joined the Legal Action Center in April 2015 and she targets the center’s work to protect the confidentiality of substance use condition care and prevention records. She also participates in the center’s advocacy to ensure implementation of the Affordable Care Act for justice involved individuals. Katie O’Neil is a consultant with the Legal Action Center. She dished as Senior Vice President and HIV AIDS Project Director during more than 30 times tenure with the Legal Action Center. Ms. O’Neil specializes in confidentiality, health privacy and discrimination law and policy. At this pitch I will turn the presentation over to Kate Tipping for the first section of today’s webinar. Thank you Dina and welcome everyone to today’s webinar. SAMHSA has 6 strategic initiatives, one of which is health information technology.The goal of SAMHSA’s Health IT Strategic Initiatives is the widespread implementation of Health IT organizations that support quality integrated behavioral heatlh care for all Americans. Through this initiative SAMHSA strives to ensure that behavioral health providers are not left behind and fully participate in the adoption of Health IT. We also support the behavioral health aspect of Health IT and foundation linkage of systems relevant to behavioral health. There are two federal laws governing confidentiality of Health information including alcohol and narcotic patient records. They are the Health Insurance Portability and Accountability Act and the federal principle on regulation protecting the confidentiality of alcohol and medicine medicine and avoidance message, otherwise known as 42 CFR Part 2. There are also many state ordinances protecting confidential state message such as mental health, HIV/ AIDS and reproductive health. So when you develop communications strategies, they must be developed with the federal and the territory privacy ordinances in memory. Protecting the confidentiality of parties receiving element expend illnes medicine must be balanced with the ability to share information among physical health and behavioral health providers.We will now review the HIPAA privacy rule and 42 CFR Part 2. So a brief overview again: HIPAA stands for The Health Insurance Portability and Accountability Act of 1996. The HIPAA privacy rule launches a flooring to protect the specific characteristics of Protected Health Information. HIPAA provides the floor but states may offer laws that are stricter than this. It to be applied in Protected Health Information no matter how it is shared. The defence rule simply pertains to electronic Protective Health Information. HIPAA also builds patient rights to access and enhance their health information. So what is 42 CFR Part 2? They are the regulations implementing the Federal drug and booze confidentiality constitution at 42 USC 290 dd-2. The Part 2 regulations impose restrictions upon disclosure in use of alcohol and remedy case records, which are maintained in connection with any federally facilitated booze and drug abuse program or Part 2 platform. What is the point of 42 CFR Part 2? Part 2 encourages people to seek treatment without was concerned that by doing so their privacy “wouldve been” settlement. Improper sharing of alcohol and medicine patient records can be achieved through a emcee of negative consequences, including discrimination by other providers, criminal repercussions and civil significances including perhaps loss of child custody, hire or maybe housing.Drug and booze medication programs that are federally facilitated required to comply with 42 CFR Part 2. To be a program[ inaudible] CFR Part 2, you need to be a federally facilitated program. So a program is defined by any individual or entity that holds itself out as stipulating and plies alcohol, drug abuse diagnosings management or referral for treatment; an identified cell within a general medical facility which holds itself out as stipulating and furnishes alcohol or drug abuse diagnoses care or referral for care; or it could be medical personnel or other staff within the general medical facility whose primary office is the provision of alcohol or drug abuse diagnosis, therapy or referral for medicine and who are identified as such providers. There are many individuals or entities that fit this would be Part 2 planned could be a free abide narcotic alcohol medicine curriculum it could be in-patient or out-patient drug and alcohol platform within the general medical facility or it could be an addiction specialist working in a primary care practice.So a quick HIPAA/ Part 2 comparison: the rule offers a storey of safety, as I mentioned. 42 CFR Part 2 is much more restrictive. The HIPAA Privacy Rule does not require patient authorization to disclose information for medication, fee or health care functionings. But 42 CFR Part 2 does require consent when you are disclosing any patient identification information. If health care providers are covered by both the HIPAA privacy rule and Part 2, they must follow both. When they are different providers they must follow which ever demonstrates privacy protection. So the general rule is that disclosing information that would identify a patient as having a substance use disorder is prohibited unless that case assents in writing to the disclosure of that information or another restraint exception refers. Some of the limitations of exclusions could include in the interests of medical emergencies, experiment scrutiny or evaluation or if a Qualified Service Organization Agreement is in place. We will discuss more about that later on in this presentation.Historically, with article records, Part 2 programs had nearly exclusive access to information the majority of cases when[ inaudible] delivered in standalone[ inaudible] safety[ inaudible] electronic health records and health information exchanges, there is an increase in the folks that have access to this information and that increases the the opportunities of the inappropriate disclosure of these records. They extend the universe of people who have access to this information and many of these providers that are not within the normal platform familiar with the restrictions on 42 CFR Part 2. Regardless of the type of EHR system in place, providers must be mindful of the requirements of 42 CFR Part 2 when including alcohol and drug case records. Protected health information can spurt a number of ways from a provider EHR to a Health Information Exchange. A provider can place their EHR data in an outside plan in the mas and should have appropriate agreements in place. For example, a Business Association agreement ora Qualified Service Organization Agreement. Providers with EHRs can also share information via state information exchanges with the relevant case permission. I would now like to turn it over to the Legal Action Center, who will walk us through some common superstitions and situations associated with 42 CFR Part 2. Thanks Kate. This is Deborah Reid from the Legal Action Center. This section of the webinar will examine stories and facts on consent and revealing. Some common delusions about acceptance requirements exist, such as all exposures ask acceptance and the Part 2 safeties of information sharing and peculiarly consent requirements create a barrier to providing high-quality and integrated care to beings with essence exploit ailments, including people who are covered by Medicaid. To gain an understanding of these beliefs let’s take a look at a scenario involving approval. Here we have Betty, individual patients at ABC drug treatment program who overdoses and pauses into a coma. And here are some questions associated with this scenario. Can the medicine treatment planned disclose Betty’s information to the emergency room of a regional infirmary so they can treat her overdose? If so, can the ER doctor inform Betty’s genealogy that she is in treatment at the remedy care platform? To react these questions, we will go to live polling in a moment in order to vote.Choose from the following rebuts. We have A, “Yes, planned ABC may disclose to the ER since this is a medical disaster; nonetheless, the ER can’t disclose to Betty’s family that she is in treatment for a substance employment disorder.” B, “Yes, program ABC may disclose to the ER since this is a medical disaster; and the ER can disclose to Betty’s family that she is in treatment for a essence squander disorder.” Or C, “No, the medication care planned may never disclose information protected by 42 CFR Part 2 unless Betty provisions consent.” Using the GoToMeeting polling function, check if you believe the answer is A, B or C.The system will provide you about 30 seconds to provide your answer. OK, let’s hope everyone has cast their were in favour of A, B or C before we expose the correct answer. OK, the answer to the poll from our viewers: 84% of beings said A. However, the chastise rebuttal is B! Now why is this the correct answer? The medicine curriculum can disclose because this is a medical emergency. The ER may disclose to Betty’s family because formerly the information protected by Part 2 was revealed to medical personnel, for the purposes of the medical disaster objection, it lost it’s Part 2 care and may be re-disclosed as permitted by the HIPAA privacy rule. The medical disaster is just one of the exceptions that may apply. We will discuss over others in the following moves. Remember the general rule that disclosure of information distinguishes a patient either directly or indirectly as having a current or past dope or booze difficulty or participating in a drug or alcohol curriculum is generally prohibited unless the patient agrees in writing or another restriction objection apply. You see from the slither there are 9 main categories of permitted disclosures.We simply talked about one, the medical disaster objection. I too want to mention two other exception to the general rule prohibiting disclosure that are relevant to Electronic Health Records and Health Information Exchanges and that’s written consent and Qualified Service Organization Agreements. Let’s take a look at the express consent exceptions firstly most disclosures are permitted if the patients indicates a legitimate written authorization assent formation that can not expired or been invalidated. The allow was essential to some special aspects to satisfy Part 2 requirement. The HIPAA privacy rule also requires the patients be able to benefit from a facsimile of the authorization form. A patient’s written consent to disclose must also include a written notice of prohibition on re-disclosure personent to area 2.32 of the 42 CFR. That applies for verbal and written disclosures. The written exclusion on re-disclosure has specific speech as required by Part 2 as well. Let take a look at another objection which is the Qualified Service Organization Agreement.QSOAs, as they are also announced, disclose information without case wished to accede to specific intruder organization that provides services to the drug treatment program or its cases. The HIPAA privacy rule calls these organizations Business Identify and Part 2 calls them QSOs, or Qualified Service Organizations. Who or what can be a QSO, generally a QSO is person or organization that provides services to a Part 2 planned such as data processing, lab analysis or other professional services and has entered into a written agreement with a Part 2 program that allows communication of information between the two parties that is necessary for the QSO to perform its function that we have listed on the move under the agreement.And the agreed too takes note of the fact that the QSO must adhere to Part 2 requirement and should not access patient information except as required under Part 2. Now I will turn it over to my colleague Katie O’Neil, who will tell us more about sharing data electronically, which is myth number 2. So I am now on Myth 2 on slide 29 and there is a lot of echo. I will try to fix that. Exactly a few moments. In any case, I am unable to move this slide down so I am not sure whether the world at large can do that.Do you need to go the next slither? We can have that advanced for you. Next slide would be great. Alright. Here is a sample scenario for Myth 2 and we are talking about Dr. John. Dr. John is a physician at ABC treatment program. He needs to consult about his patient, who is a patient in a drug treatment program. He wants to consult with another physician in another health care facility. Both Dr. John’s curriculum and another health care provider are connected to Michigan’s HIE, and they exploit the same electronic health care system. So the issues to for us is: Can Dr. John share his patient’s entire record with the brand-new provider, including sharing Character 2 protected information?[ Next slide] The ask preferences be introduced into you now. They are A is “The answer is Yes, the regs permit the SUD patient’s information to be shared among health care providers so long that sharing is authorized pursuant to a suitable acceptance or a Qualified Service Organization Agreement, or a QSOA.” Second B option is, “Yes but those two providers may only share the information anonymously without exposing any personally identifying patient information about the patient himself or herself.” And the last option is C, which is, “The answer is No because protected health report cannot be shared electronically.” So I will give over to the 30 second or so time limit for you to vote.Alright, so have folks voted? The survey reactions — so the short answer is for A is, “Yes you can share if authorized by proper consent or QSOA.” The second alternative is, “B. Yes and actually 90% of parties pick option A. 6% chose option B which is one can only share this information anonymously with no personally identifying information and the alternative C, which 4% voted for is, “No, absolutely not because personal state datum cannot be shared electronically.” Alright, so the chasten answer is A, which the majority of members of you all said was the right answer. The information behind that is, yes the regulations– 42 CFR Part 2 regulations– do let the SUD patient’s information to be shared among health care providers so long as that sharing is authorized either by suitable acquiesce or the Qualified Service Organization Agreement. And onward we go — one thing that a number of you may have heard about is that SAMHSA and the ONC have developed Consent2Share, which is a data segmentation and agree management tool which is available for beings to adopt and use. It patronage information exchange and it is compliant with the privacy and the confidentiality regulation, including 42 CFR Part 2. And so that is one of the things that has been relatively and recently developed in accordance with the requirements are for Part 2 information and sharing information with the general health care world.[ Next slide] The third delusion: Accessing Datum.[ Next slide] The story is that nobody outside the health systems may retrieve protected health intelligence. A number of parties have realized this to be the fact and it is not true; it is a myth. So the sample situation for this is Sam who is a patient in XYZ drug program is involved in a major heroin deployment ring and has been administering dopes to other cases within that program. So the issue here is, the question is: Can Sam’s curriculum tell the police and or secrete information to the prosecutor involving Sam’s criminal activities? The options are once again 3, A. No, all because no one may access to protected health information. B is Yes because both the HIPAA Privacy Rule and Part 2 admit a program to report patient crimes on it’s propositions to law enforcement. C the option is Yes but you can only report that information anonymously without discovering any case identifying information.So this is the opportunity to say what your natures trust. That’s about 30 seconds I believe so vote if you have not done so more and we will move on. Alright, ballot makes: Once again, it’s good to look at these feelings generally. The rebuts about No– Nobody can share access to this information outside the health care system. 5% voted in favour of that. 90% voted in favour of B, which is both HIPAA Privacy Rule and 42 CFR do allow the reporting of patient crimes on assertions of programs of health care facilities. And C is Yes and again only anonymously and without PHI information.The correct answer is Yes both HIPAA Privacy Rule and Part 2 allow programs to report patient crimes on its program propositions to law enforcement officers. And just by way of explanation, both HIPAA Privacy Rule and Part 2 do allow disclosure of PHI to law enforcement officers[ inaudible] because they recognize how important it is that information be shared for legit law enforcement intents, generally speaking. Again, Part 2 tolerates shielded programs to report to law enforcement agency crimes that occur on program propositions and crimes that occur against program personnel.That clarity positioned this in mind really because it does grow. The issue does originate about how you can communicate with law enforcement in proper way.[ Next slide] Just take a quick look at this. It’s entitled “Myth 3 Debunked.” These are facts about where and when and under what circumstances exposures are permitted under Part 2 protected state knowledge outside the health systems. Again, there are a number of circumstances in which there is permitted disclosure under HIPAA’s Privacy Rule, which is on the left of your screen and likewise under Part 2. Without taking a great deal of your time, I think it’s good to roster these merely to see what members of the general circumstances are where those exposures are permitted .[ Next slide] Once again reminders that all of you I ponder will go to sleep tonight remembering– one of the points is that some of the ways that Part 2 planned can share and include information are these 3 classic occasions: the written case allow, medical disaster objection and a Qualified Service Organization Agreements. Once again these 3 mechanisms for standing that information to be disclosed and allowing that information to be integrated into electronic health record methods with providers that are not covered by Part 2 is to see which of these mechanisms succeeds and make sure that what you do when you employ that mechanism is to make sure that the specific requirements about those 3 communication mechanisms are followed.Next, is we have here in last-place duo slips a number of 42 CFR Part 2 sources[ inaudible] has issued them and ONC has issued these regulations. So a lot of the details that we are skipping over out of necessity because of time today are included in those. I thoughts a number of people who need answers to particular situations that they have set up will be able to find them in now. And next, that’s it. We require Q& As here, so it’s your turn. Thank you Katie and everybody else. We going to move now to the questions and answer section. We have questions that were sent to us through the question function of GoToMeeting and we going to use the time that we have left to answer them.So if you still have questions right now or as we proceed that you would like to pose to our panelist today, please pinpoint the issues to slouse at the bottom towards the right and put your question and we will try to get to it. So we are going to start with our first question now which was submitted. The question I’m going to give to Kate and it is, “Can patient identifying information be shared on internal communications within our facility– for example, through email? ” OK, so patient identification information can be shared if[ inaudible] program[ inaudible] and only be shared among those who have the need to know the information. If it’s shared over email, Part 2 certainly doesn’t address. It was last updated in 1987, so it doesn’t address electronic methods, but there are security rehearses that needs to be in place. I would make sure that it’s a procure email. But as long they fit under the same directive administrative insure and they have the need to know the information within the same entity, Part 2 doesn’t prohibit that.Thank you, Kate. The next question is a soft ball question that I’m going to answer, which is, “Will the moves be made available to the attendees? ” The answer to that is Yes they will. We will be sending a PDF file by the end of the week that you will get and everybody who is on the ask now are likely to be getting that. Alright, next question and this one is for the Legal Action Center. “What if the emergency department plies craving consultant services and did not provide that service while in the ED or while the patient was in the ED? Can that be shared with the family or a primary care provider? ” This is Katie.Could you ask the question again? I got to bit embarrassed. The question queried, “If you have a patient who goes to the ED, for example, and is treated and that ED does furnish addiction specialist works but that’s not why the person was there; can that information about that incident of that ED treatment be shared with the family or primary care provider?( Without consent, I think is the assumption .) If the patient was treated in the ED for a medical emergency, then again the information can be shared by the people who are treating individual patients for that medical disaster but that may not be– and correct me, Debbie, if I’m wrong– that may not be shared with the patient’s family members.Yes, I think that is right, Katie. Alright, thanks for coming. Next question is for Kate and this is related to Health Information Exchanges. In sample scenario 2, if one provider is using one HIE and the other provider is using a different HIE, can those two HIEs[ inaudible] both HIEs consent form? If two[ inaudible] do they need to be specified as to or from in the approval for 42 CFR? OK, so if the patient has consented to share their information within the HIE, and then that HIE wants to communicate or wants to share the information with another HIE, the patient would have to have consented to sharing that information.Now, an HIE can be listed on the agree form but it wouldn’t be shared with all of the participate providers within the HIE, though all of those providers would need to be listed on the allow way as well. I don’t know whether I answered that question appropriately. Mostly the “to whom” section is very specific– the “to whom” section on the acquiesce requirement– so you would need to list out the specific HIE that you are sharing with but note that you may be sharing with that HIE wouldn’t flow down to all the participating providers. Thanks Kate, I think you really did answer that one. So while you are on a roll, let me give you another one. “Could the HIEs have a QSOA between them instead of being is available on the permit formation? ” So the QSOA provision is for providing services to the Part 2 curriculum so the QSOA agreement needs to be between[ inaudible] Responsibility 2 program and “providers “. It can’t be between the HIE and the enter providers Unless they are the Part 2 curriculum and if they are the Part 2 planned, they must explicitly country what service they are providing to the Part 2 program.It couldn’t be just for the purposes of getting around the consent requirements. It has to be a specific service that is being provided to the Part 2 curriculum. OK, and this issue I study any of you guys could refute, which is, “Are separate approvals required for each provider in an HIE setting or is a single assent anatomy adequate? ” And I think you got it, let’s just require a clear answer to this one. Proportion 2 does allow for a multi-party consent form as long as you each individual is listed on the approval for the same purpose, then that would be fine to have one consent form. But you’re saying they do need to be specifically registered? Right. Great. OK, here is one for Deborah: “4 2 CFR Part 2 allows for disclosure for child abuse issues.Does it also address prone adult publishes? ” Now that one I don’t think so but I’m going to defer to Katie for information on that. The short answer is that child abuse exists but elder ill-treatment is not something which can be reported under the current regulations in 42 CFR Part 2. Thank you. This one’s for Kate. “If someone reveals that they use substances but they haven’t been diagnosed with a substance use illnes, is that information protected? ” The person says they are thinking a lot about SBIRT in this example. So first it would depend on if the facility or individual is a programme covered by Part 2 and it would only, you are familiar with, if they meet the definition of Part 2 or if they are an individual or entity that holds itself out as adding and equips element call malady diagnosis therapy and referral for medicine, then they are able to encounter the definition of program.For the most part, we have some frequently asked questions that address the issue of SBIRT and it genuinely does. For the majority of cases, SBIRT services are not covered by Part 2 but it depends on if they are done at a Part 2 facility. Then they would then fall under Part 2 because it’s a Part 2 facility. If it’s done in a primary care practice, which may not be a Part 2 curriculum per se, then the Part 2 safeties is not apply. Thank you Kate I simply want to remind tribes on the line that we are still bear questions through the question entry portion to the right of your screen.Do not create your hand to be called on for an open word because we are not going to be opening indications due to the size of the audience today. Alright, let’s move to the next question. This one we are going to back up a little to talk about consent and I will let you decide who wants to answer it. “What is the exact wording that needs to be used on a express consent for 42 CFR? What are the components that must be there? ” This is Debbie, and it doesn’t have to be exact wording for the consent to follow a series of elements that must be included to satisfy Part 2, such as the epithet or general designation of the program that is going to make the disclosure; the word of the individual or organization that will receive the exposure; the epithet[ inaudible] disclosure; the specific objectives or need for the disclosure of information; a description of how much and what kind of information will be disclosed.It also has to include the patient’s right to repeal the permit in writing and exclusions[ inaudible] have to be included. In addition, the authorization must indicate the program’s ability to condition treatment, fee enrollment or eligibility of benefits on the patient agreeing to sign the consent by either[ inaudible] cannot milieu the services offered on the patient signing the permit or the consequences for the patient refusing to sign the acquiesce. The other 3 points are: It has to include the date on which the patient will be ratifying the assent, the signature of the patient or[ inaudible] and lastly the acquiesce should include the date, occasion, or necessity upon which the consent expires if not previously being invalidated. Just as a reminder, the acceptance has to be accompanied by the prohibition of re-disclosure of confidential information and that has a particular language that is specific. Thank you, Debbie. “Does 42 CFR[ inaudible] regulates making a referral for essence squander ill therapy for an adolescent? Is that referral itself considered protected information under 42 CFR? ” This is Katie.[ inaudible] The short answer is that class, including public academies, are not themselves programs and so[ inaudible] with 42 CFR[ inaudible] and if a educator of[ inaudible] of an adolescent notices that the youngster has or may have a drug or booze problem, that report may be given by the teacher, the principal, the school person as one of the purposes of a referral and there is no[ inaudible] armour or exclusion against disclosing that information to– for instance, the entity that you are referring the student for possible diagnosis or if there is[ inaudible] trouble treatment rep.Thank you. OK, here is one about labs, merely to swap it up a little. “If you have have an agreement with a lab but an outside listener wants to audit the lab company who wants to see the substance abuse client folders, is that covered under your agreement with the lab? ” Katie, do you want to talk a little bit about inspections? Sure, I suspect first I’ll touch on the QSOA.So if you have a Qualified Service Agreement in your Place 2 platform, you have agreement with a lab that can fall within the qualified service[ inaudible] If it’s for an auditor evaluation, which may fall under the audit and evaluation exception, that may be different because it’s for an audit or assessment of the Part 2 planned. Back to the QSO piece, we do have advice that allows for the QSO … The QSO can only share information back to the Part 2 platform unless there is a contract agent that is performing part of whatever was stated in the agreement to carry out whatever service was agreed upon. If there is a contract agent, then they are unable to share the information. The contract could only share the information back to the QSO. If we talking about an audit or evaluation, and if it is of the lab, it probably would not fall under Part 2. I intend, it wouldn’t fall under the exception under examination and assessment mainly because that is on[ inaudible] of Part 2 program.I don’t know whether Katie or Deborah, if you want to add anything to that one. No, I don’t think so. OK, we going to move to the next question. This one is for Deborah and it’s a about probation and parole. “If probation and parole refers a client for care, can that intelligence be disclosed if the client has not yet indicated the allow? ” I’m assuming that probation and parole have information pertaining to a client’s substance use. OK, I’m sorry, what was the second part of the question? Can that information about the client in a referral be disclosed if they haven’t signed the allow? Again, if it’s another referral for care. Well, if it’s a condition of the individual’s probation or parole or some other criminal justice reason such as release from imprisonment or probation and the person hasn’t signed the agree form.The question is whether, yes, if the client hasn’t indicated the approval, can that referral for care be made? We know Part 2 has some special rules in those situations. I repute if it’s a condition of parole[ inaudible] that the acquiesce doesn’t have to be allowed– it doesn’t have to be included. Unless you talking about under section 235, individual patients does have to sign the approval but if they do want to repeal their permit, they may not be able to until after the expression of the probation has expired.That is 235. Hubbub like there is still a little bit of fluster there. Cases can disclose information or a programme designed can disclose information about the patient. But they are not a program, they are probation and parole. OK, then that’s correct. So I think we can say there is an exception. Yes, there is an exception but I’d have to look at that a little closer unless Katie, would you have something in addition about unsigned? I thoughts once the information is disclosed from the program, the person who receives it can re-disclose it but merely to carried out under that person’s official duties with regards to the patient’s provisional release.OK, or probation or something, right? Yeah. Five more instants[ inaudible] we are able to touched a few more questions.[ inaudible] and this[ inaudible] Undisclosures to the parent company of an ACO under a QSOA. Under what environments could the ACO share the Part 2 information to independent physician rehearses who served in the ACO? So the[ inaudible] one can have[ inaudible] with the pas ACO entity, but in order to better for them, just as an HIE, in order for them to share the information with their participating providers and suppliers or independent[ inaudible] they would need to obtain patient consent. And again, that’s because the QSO arrangement is only between the Part 2 program and the service providers. A two-way agreement. So in order for them to further share it, they would need to obtain patient consent. Thank you. We to be able to do one more question and it’s for the Legal Action Center.”When[ inaudible] health care providers, do we have to have the 42 CFR disclosure embossed on each page that we send in the packet? ” This is Katie. So you need to– in sending information– you need to have attached to the information that you send the notice prohibiting re-disclosure, which Debbie talked about earlier. Assuming that what you are doing is you are sending the information with permission. Every recipient of that consented to information that is being ship[ inaudible] is not further disclose that knowledge unless they have consent or another authorization[ inaudible] CFR Part 2. Therefore, what you have got to do is to be able to create a system where you can made to ensure that consented to information that’s[ inaudible] also flags the fact the recipient of the information may not further disclose it unless they are authorized by consent or another of the exceptions.[ reiterating] I want to move to the next slide please. First of all, thanks for coming for all your questions. We went more that we can answer right now, so we will see if we can answer the rest of them and offer them to you when we equip the slides.Before “theres going”, we have a few remembers for you. They are that we have a third webinar in our time lines on September 22 nd at the same time, so between 1:00 -2: 00 pm. You can find the link to register for that webinar in the promotional flyer, which the authorities concerned will circulate following this presentation and which you may have already come in publicities for today’s webinar. You will also receive a PDF of this PowerPoint presentation by the end of the week.Finally, sound recordings of this webinar with subtitles will be made available on the SAMHSA website, although that will take a little bit longer.[ Next slide] If you want to learn more, please visit the SAMHSA website and Store. They have a wealth of information on HIPAA and Part 2. If you have further questions about SAMHSA Health Information Technology unit or undertakings platforms or commodities, satisfy feel free to send them to us at our Health IT email address, which is samhsa.hit @samhsa. hhs.gov. On behalf of the members of the SAMHSA Health IT unit, I want to thank everybody for participating in this webinar. We hope that you will join us for the next webinar in September. Thank you so much better ..