Good afternoon everyone. My name is Dina Passman and I am Public Health Advisor on SAMHSA’s Health Information Technology Team. I want to welcome everyone to today’s webinar on 42 CFR Part 2: Delusions and Scenarios. This is the second webinar in our SAMHSA Health IT summer webinar sequence. Before we begin, there are few housekeeping items for today’s webinar. First of all, this webinar is being recorded and will be made available on SAMHSA’s website in the near future. In addition, a PDF version of the slip floor will be sent to attendees following the webinar, which you can feel free to share with friends and colleagues. All paths are currently subdued. If you have questions for the presenters, satisfy kind them into the questions box in the GoToWebinar panel on the right hand side of your screen. Eventually, following the adjournment of the webinar we will have a question and answer session in order to address all matters that you may have. We look forward to doing that with you. The purpose and learning objectives of today’s webinar reads as follows: To informed about the law implications of the HIPAA Privacy Rule and 42 CFR Part 2, which I will exactly announce “Part 2” now to save some of my breath.We are going to review the mechanisms of working with 42 CFR Part 2( I lied) to exchange information between providers and finally to understand how electronic health records and their current health IT environment affects compliance with Part 2. As a speedy renunciation, this webiner is for information purposes merely and is not intended as legal advice. Specific questions regarding federal statute should be allocated to your legal counsel in addition to any mood or local regulations that may apply here. We are lucky to have 3 experts with us today who will lead us through this investigate of 42 CFR Part 2. They include Kate Tipping, Deborah Reid and Katie O’Neil. Kate Tipping is a Public Health Advisor at SAMHSA and a are part of the SAMHSA Health IT Team. Previously she was a Policy Analyst at the Office of the National Coordinator for Health Information Technology, or ONC. She was also a Public Health Analyst at the Health Assets and Assistance Administration, or HRSA. Deborah Reid is a Senior Health Policy Attorney at the Legal Action Center in New York City. Ms. Reid affiliated the Legal Action Center in April 2015 and she guides the center’s work to protect the confidentiality of substance utilization ill therapy and avoidance records.She too participates in the center’s advocacy to ensure implementation of the Affordable Care Act for right involved individuals. Katie O’Neil is a consultant with the Legal Action Center. She provided as Senior Vice President and HIV AIDS Project Director during more than 30 times tenure with the Legal Action Center. Ms. O’Neil specializes in confidentiality, state privacy and discrimination laws and policies. At this target I will turn the presentation over to Kate Tipping for the first segment of today’s webinar. Thank you Dina and welcome everyone to today’s webinar. SAMHSA has 6 strategic initiatives, one of which is health information technology.The goal of SAMHSA’s Health IT Strategic Initiatives is the widespread implementation of Health IT systems that support quality integrated behavioral heatlh care for all Americans. Through this initiative SAMHSA strives to ensure that behavioral health providers are not left behind and fully participate in the adoption of Health IT. We also support the behavioral health aspect of Health IT and supporting linkage of systems relevant to behavioral health. There are two federal laws governing confidentiality of Health information including booze and pharmaceutical patient records.They are the Health Insurance Portability and Accountability Act and the federal regulation on regulation protecting the confidentiality of alcohol and medication management and prevention datum, otherwise known as 42 CFR Part 2. There are also many state regulations protecting confidential health datum such as mental health, HIV/ AIDS and reproductive health. So when you develop communication strategy, they must be developed with the federal and the mood privacy ordinances in attention. Protecting the confidentiality of parties receiving substance implementation condition management is required to be balanced with the ability to share information among physical state and behavioral health providers.We will now review the HIPAA privacy rule and 42 CFR Part 2. So a brief overview again: HIPAA stands for The Health Insurance Portability and Accountability Act of 1996. The HIPAA privacy rule fixes a floor to protect the specific characteristics of Protected Health Information. HIPAA provides the floor but territory may specify statutes that are stricter than this. It to be applied in Protected Health Information no matter how it is shared. The security ruler exclusively pertains to electronic Protective Health Information. HIPAA too supports case claims to access and mend their own health information.So what is 42 CFR Part 2? They are the regulations implementing the Federal drug and alcohol confidentiality ordinance at 42 USC 290 dd-2. The Part 2 regulations impose restrictions upon revealing in use of alcohol and drug case records, which are maintained in connection with any federally facilitated booze and drug abuse program or Part 2 platform. What is the point of 42 CFR Part 2? Part 2 encourages people to seek treatment without fear that by doing so their privacy “wouldve been” jeopardized. Improper sharing of booze and dope patient records can lead to a legion of negative consequences, including discrimination by other providers, criminal consequences and civil causes including perhaps loss of child custody, employ or maybe housing.Drug and alcohol medication planneds that are federally assisted required to comply with 42 CFR Part 2. To be a program[ inaudible] CFR Part 2, you need to be a federally facilitated platform. So a program is defined by any individual or entity that holds itself out as affording and equips booze, substance abuse diagnoses medicine or referral for care; an identified contingent within a general medical facility which holds itself out as and furnishes alcohol or drug abuse diagnosings treatment or referral for medication; or it could be medical personnel or other staff within the general medical equipment whose primary office is the provision of alcohol or drug abuse diagnosis, management or referral for therapy and who are identified as such providers.There are many individuals or entities that fit this would be Part 2 program could be a free countenance narcotic booze therapy program it could be in-patient or out-patient drug and booze program within the general medical equipment or it could be an addiction specialist working in a primary care practice. So a immediate HIPAA/ Part 2 analogy: the rule offers a flooring of safety, as I mentioned. 42 CFR Part 2 is much more restrictive. The HIPAA Privacy Rule does not require patient authorization to disclose information for management, fee or healthcare systems activities. But 42 CFR Part 2 does require consent when you are disclosing any case identifying information.If health care providers are covered by both the HIPAA privacy rule and Part 2, they must follow both. When they are different providers they must follow which ever utters privacy protection. So the general rule is that disclosing information that would identify a patient as having a substance use disorder is prohibited unless that case allows in writing to the disclosure of that intelligence or another restraint exception devotes. Some of the limitations of exceptions could include in the interests of medical disasters, research examine or evaluation or if a Qualified Service Organization Agreement is in place. We will discuss more about that later on in this presentation. Historically, with newspaper records, Part 2 programs had nearly exclusive access to information the majority of cases when[ inaudible] delivered in standalone[ inaudible] protection[ inaudible] electronic health records and health information exchanges, there is an increase in the tribes that have access to this information and that increases the chances of the improper disclosure of these records. They extend the universe of people who have access to this information and many of these providers that are not within the typical curriculum familiar with the restrictions on 42 CFR Part 2. Regardless of the type of EHR arrangement in place, providers must be mindful of the requirements of 42 CFR Part 2 when including alcohol and stimulant patient records. Protected health information can spurt a number of ways from a provider EHR to a Health Information Exchange. A provider can accumulate their EHR data in an outside organisation in the gloom and should have appropriate agreements in place. For example, a Business Association agreement ora Qualified Service Organization Agreement. Providers with EHRs can also share information via state information exchanges with the appropriate case authorization. I would now like to turn it over to the Legal Action Center, who will walk us through some common illusions and situations associated with 42 CFR Part 2. Thanks Kate. This is Deborah Reid from the Legal Action Center.This section of the webinar will examine illusions and facts on consent and disclosure. Some common delusions about allow requirements exist, such as all exposures involve allow and the Part 2 shields of information sharing and extremely consent requirements create a barrier to providing high-quality and integrated care to types with element application illness, including people who are covered by Medicaid. To gain an understanding of these myths let’s take a look at a scenario involving authorization. Here we have Betty, individual patients at ABC drug treatment program who overdoses and faults into a coma.And here are some questions associated with this situation. Can the treat management program uncover Betty’s information to the emergency room of a regional infirmary so they can treat her overdose? If so, can the ER doctor inform Betty’s genealogy that she is in treatment at the narcotic medication platform? To ask these questions, we will go to live polling in a moment in order to vote. Choose from the following points rebuts. We have A, “Yes, curriculum ABC may disclose to the ER since this is a medical emergency; however, the ER can’t disclose to Betty’s family that she is in treatment for a substance use disorder.” B, “Yes, curriculum ABC may disclose to the ER since this is a medical emergency; and the ER can disclose to Betty’s family that she is in treatment for a substance implementation disorder.” Or C, “No, the narcotic management platform may never disclose information protected by 42 CFR Part 2 unless Betty renders consent.” Using the GoToMeeting polling function, check if you believe the answer is A, B or C.The system will provide you about 30 seconds to provide your answer. OK, let’s hope everyone has cast their were in favour of A, B or C before we uncover the chastise answer. OK, the answer to the poll from our viewers: 84% of beings said A. However, the chastise explanation is B! Now why is this the correct answer? The medication program can disclose because this is a medical disaster. The ER may disclose to Betty’s family because formerly the information protected by Part 2 was revealed to medical personnel, for the purposes of the medical emergency exclusion, it lost it’s Part 2 care and may be re-disclosed as permitted by the HIPAA privacy rule. The medical emergency is just one of the exceptions that may apply. We will discuss over others in the following moves. Remember the general rule that disclosure of information distinguishes a patient either directly or indirectly as having a current or past stimulant or booze problem or participating in a drug or booze program is generally vetoed unless the patient assents in writing or another restriction exclusion apply. You see from the move there was still 9 main categories of let revealings. We really talked about one, the medical emergency exception.I also want to mention two other exception to the general rule prohibiting disclosure that are relevant to Electronic Health Records and Health Information Exchanges and that’s written consent and Qualified Service Organization Agreements. Let’s take a look at the express consent exclusions first most disclosures are permitted if the patients signs a legitimate written authorization approval flesh that can not expired or been invalidated. The permission was essential to some particular components to satisfy Part 2 requirement. The HIPAA privacy rule also requires individual patients be provided with a copy of the authorization form. A patient’s written consent to disclose must also include a written notice of prohibition on re-disclosure personent to section 2.32 of the 42 CFR.That applies for verbal and written disclosures. The written injunction on re-disclosure has specific language as required by Part 2 as well. Lets take a look at another objection which is the Qualified Service Organization Agreement. QSOAs, as they are also called, disclose information without patient wished to accede to specific intruder organization that provides services to the drug treatment program or its cases. The HIPAA privacy rule calls these organizations Business Identify and Part 2 calls them QSOs, or Qualified Service Organizations. Who or what can be a QSO, usually a QSO is person or organization that provides services to a Part 2 program such as data processing, laboratory analysis or other professional services and has entered into a written agreement with a Part 2 program that allows communication of information between the two parties that is necessary for the QSO to perform its function that we have listed on the slip under the agreement.And the agreement too acknowledges that the QSO must adhere to Part 2 requirement and should not access patient information except as required under Part 2. Now I will turn it over to my colleague Katie O’Neil, who will tell us more about sharing data electronically, which is myth number 2. So I am now on Myth 2 on move 29 and there is a lot of echo. I will try to fix that. Only a moment.In any case, I am unable to move this slide down so I am not sure whether the world at large can do that. Do you need to go the next slip? We can have that boost for you. Next slide would be great. Alright. Here is a sample scenario for Myth 2 and we are talking about Dr. John. Dr. John is a physician at ABC treatment program. He needs to consult about his case, who is a patient in a drug treatment program. He wants to consult with another physician in another health care facility. Both Dr. John’s program and another health care provider are connected to Michigan’s HIE, and they exercise the same electronic health care system. So the question for us is: Can Dr. John share his patient’s entire record with the new provider, including sharing Division 2 protected information?[ Next slide] The rebut choices be introduced into you here. They are A is “The answer is Yes, the regs grant the SUD patient’s information to be shared among health care providers so long that sharing is authorized pursuant to a suitable acceptance or a Qualified Service Organization Agreement, or a QSOA.” Second B option is, “Yes but those two providers may simply share the information anonymously without disclosing any personally identifying patient information about the patient himself or herself.” And the last option is C, which is, “The answer is No because protected health intelligence cannot be shared electronically.” So I will give over to the 30 second or so time limit for you to vote.Alright, so have folks elected? The poll results — so the short answer is for A is, “Yes you can share if authorized by proper consent or QSOA.” The second alternative is, “B. Yes and actually 90% of beings prefer alternative A. 6% chose option B which is one can only share this information anonymously with no personally identifying information and the alternative C, which 4% voted for is, “No, absolutely not because personal state report cannot be shared electronically.” Alright, so the rectify rebuttal is A, which the majority of members of you all said was the right answer. The information behind that is, yes the regulations– 42 CFR Part 2 regulations– do countenance the SUD patient’s information to be shared among health care providers so long as that sharing is authorized either by proper approval or the Qualified Service Organization Agreement. And onward we go — one thing that a number of you may have heard about is that SAMHSA and the ONC have developed Consent2Share, which is a data segmentation and acquiesce management tool which is available for beings to adopt and use.It supportings information exchange and it is compliant with the privacy and the confidentiality regulation, including 42 CFR Part 2. And so that is one of the things that has been relatively and recently developed in accordance with the requirements are for Part 2 information and sharing information with the general health care world.[ Next slide] The third superstition: Retrieving Knowledge.[ Next slide] The myth is that no one outside the health care system may retrieve protected state datum. A number of people have recognized this to be the fact and it is not true; it is a myth. So the test scenario for this is Sam who is a patient in XYZ drug program is involved in a major heroin distribution resounding and has been dispersing remedies to other cases within that program.So the issue here is, the issues to is: Can Sam’s planned tell the police and or secrete information to the prosecutor considering Sam’s criminal activities? The options were again 3, A. No, all because no one may access to protected health information. B is Yes because both the HIPAA Privacy Rule and Part 2 permit a program to report patient crimes on it’s assertions to law enforcement. C the option is Yes but you can only report that information anonymously without uncovering any patient identification information. So this is the opportunity to say what your mettles believe.That’s about 30 seconds I believe so vote if you have not done so more and we will move on. Alright, canvas ensues: Formerly again, it’s good to look at these insights generally. The answers about No– Nobody can share access to this information outside the health systems. 5% voted in favour of that. 90% voted for B, which is both HIPAA Privacy Rule and 42 CFR do allow the reporting of patient crimes on assertions of programs of health care facilities. And C is Yes and again only anonymously and without PHI information. The redres ask is Yes both HIPAA Privacy Rule and Part 2 tolerate programs to report patient crimes on its program assertions to law enforcement.And time by way of explanation, both HIPAA Privacy Rule and Part 2 do allow disclosure of PHI to law enforcement[ inaudible] because they recognize how important it is that information be shared for legit law enforcement officers roles, generally speaking. Again, Part 2 lets enveloped programs to report to law enforcement agency crimes that occur on program assertions and crimes that occur against program personnel. That clarity positioned this in mind time because it does arise. The question does grow about how you can communicate with law enforcement in appropriate ways.[ Next slide] Just take a quick look at this. It’s entitled “Myth 3 Debunked.” These are happenings about where and when and under what circumstances disclosures are permitted under Part 2 protected health intelligence outside the health care system. Again, there are a number of circumstances in which there is permitted disclosure under HIPAA’s Privacy Rule, which is on the left of your screen and also under Part 2. Without taking a great deal of your time, I think it’s good to roster these only to see what members of the general circumstances are where those exposures are permitted .[ Next slide] Once again reminders that all of you I recollect will go to sleep tonight remembering– one of the points is that some of the ways that Part 2 planned can share and include information are these 3 classic circumstances: the written case consent, medical disaster objection and a Qualified Service Organization Agreements. Once again these 3 mechanisms for earmarking that information to be disclosed and allowing that information to be integrated into electronic health record plans with providers that are not covered by Part 2 is to see which of these mechanisms wreaks and make sure that what you do when you apply that mechanism is to make sure that the specific requirements about those 3 communication mechanisms are followed.Next, is we have here in last-place duet slithers a number of 42 CFR Part 2 riches[ inaudible] has issued them and ONC has issued these regulations. So a lot of the details that we are skipping over out of necessity because of time today are included in those. I suppose a number of people who need answers to particular scenarios that they have set up will be able to find them in now. And next, that’s it. We want Q& As here, so it’s your turn. Thank you Katie and everybody else. We going to move now to the questions and answer section. We have questions that were sent to us through the question function of GoToMeeting and we going to use the time that we have left to answer them.So if you still have questions right now or as we proceed that you would like to pose to our panelist today, please spot the issues to region at the bottom towards the right and put your question and we will try to get to it. So we are going to start with our first issue here which is being presented. The question I’m going to give to Kate and it is, “Can patient identifying information be shared on internal communications within our facility– for example, through email? ” OK, so patient identification information can be shared if[ inaudible] curriculum[ inaudible] and exclusively be shared among those who have the need to know the information.If it’s shared over email, Part 2 actually doesn’t address. It was last updated in 1987, so it doesn’t address electronic organizations, but there are security practises that needs to be in place. I would make sure that it’s a lock email. But as long they fit under the same directive administrative see and they have the need to know the information within the same entity, Part 2 doesn’t restrict that. Thank you, Kate. The next question is a soft ball question that I’m going to answer, which is, “Will the moves be made available to the attendees? ” The answer to that is Yes they will. We will be sending a PDF file by the end of the week that you will get and everybody who is on the summon now will be get that. Alright, next question and this one is for the Legal Action Center. “What if the emergency department affords craving expert services and did not provide that service while in the ED or while the patient was in the ED? Can that be shared with the family or a primary care provider? ” This is Katie.Could you ask the question again? I got to bit confused. The question asked, “If you have a patient who goes to the ED, for example, and is treated and that ED does provision addiction specialist assistances but that’s not why the person was there; can that informed about that episode of that ED treatment be shared with the family or primary care provider?( Without permit, I think is the assumption .) If the patient was treated in the ED for a medical emergency, then again the information can be shared by the people who are treating individual patients for that medical disaster but that may not be– and correct me, Debbie, if I’m wrong– that may not be shared with the patient’s family members.Yes, I think that is right, Katie. Alright, thanks for coming. Next question is for Kate and this is related to Health Information Exchanges. In sample scenario 2, if one provider is using one HIE and the other provider is using a different HIE, can those two HIEs[ inaudible] both HIEs consent form? If two[ inaudible] do they need to be specified as to or from in the assent for 42 CFR? OK, so if the patient has consented to share their information within the HIE, and then that HIE wants to communicate or wants to share the information with another HIE, the patient would have to have consented to sharing that information.Now, an HIE can be listed on the permit way but it wouldn’t be shared with all of the enter providers within the HIE, though all of those providers would need to be is available on the acceptance use as well. I don’t know whether I answered that question appropriately. Mostly the “to whom” section is very specific– the “to whom” section on the acceptance requirement– so you would need to list out the specific HIE that you are sharing with but note that you may be sharing with that HIE wouldn’t flow down to all the participating providers. Thanks Kate, I think you really did answer that one. So while you are on a roll, let me give you another one. “Could the HIEs have a QSOA between them instead of being listed on the acceptance way? ” So the QSOA provision is for providing services to the Part 2 planned so the QSOA agreement needs to be between[ inaudible] Constituent 2 platform and service provider.It can’t be between the HIE and the participating providers Unless they are the Part 2 planned and if they are the Part 2 program, they must explicitly regime what service they are providing to the Part 2 curriculum. It couldn’t be just for the purposes of getting around the consent requirements. It has to be a specific service that is being provided to the Part 2 curriculum. OK, and this issue I reckon any of you guys could refute, which is, “Are separate acceptances are necessary to each provider in an HIE setting or is a single agree flesh ample? ” And I think you got it, let’s just equip a clear answer to this one.Part 2 does allow for a multi-party consent form as long as you each individual is listed on the permit for the same purpose, then that would be fine to have one consent form. But you’re saying they do need to be specifically rostered? Right. Great. OK, here is one for Deborah: “4 2 CFR Part 2 allows for disclosure for child abuse issues. Does it also address prone adult concerns? ” Now that one I don’t think so but I’m going to defer to Katie for information on that.The short answer is that child abuse exists but elder abuse is not something which can be reported under the current regulations in 42 CFR Part 2. Thank you. This one’s for Kate. “If someone reveals that they use essences but they haven’t been diagnosed with a substance consume disorder, is that information protected? ” The person says they are thinking a lot about SBIRT in this example. So first it will vary depending on if the facility or individual is a program covered by Part 2 and it was able to, you know, if they meet the definition of Part 2 or if they are an individual or entity that holds itself out as affording and plies element employment illnes diagnosis management and referral for management, then they are able to encounter the definition of program. For the best part, “were having” some frequently asked questions that address the issue of SBIRT and it genuinely does. For most of the time, SBIRT services are not covered by Part 2 but it depends on if they are done at a Part 2 equipment. Then they would then fall under Part 2 because it’s a Part 2 facility. If it’s done in a primary care practice, which may not be a Part 2 planned per se, then the Part 2 shelters do not apply.Thank you Kate I precisely want to remind folks on the line that we are still accepting questions through the question entry portion to the right of your screen. Do not invoke your hand to be called on for the purposes of an open direction since we do not going to be opening paths due to the size of the audience today. Alright, let’s move to the next question.This one we are going to back up a little to talk about consent and I will let you decide who wants to answer it. “What is the exact wording that needs to be used on a written consent for 42 CFR? What are the components that must be there? ” This is Debbie, and it doesn’t have to be exact wording for the consent to follow a series of elements that must be included to satisfy Part 2, such as the mention or general name of the program that is going to make the exposure; the name of the individual or organization that will receive the revealing; the reputation[ inaudible] revealing; the purpose or are necessary to the disclosure of information; a description of how much and what kind of information will be disclosed. It also has to include the patient’s right to repeal the permit in writing and objections[ inaudible] have to be included. In addition, the agree must indicate the program’s ability to condition treatment, pay enrollment or qualification which are beneficial on the patient agreeing to sign the consent by either[ inaudible] cannot case the services offered on the patient signing the permit or the consequences for the patient refusing to sign the consent.The other 3 points are: It has to include the date on which the patient will be indicating the consent, the signature of the patient or[ inaudible] and lastly the assent should include the date, event, or precondition upon which the acceptance expires if not previously being invalidated. Merely as a reminder, the permit has to be accompanied by the prohibition of re-disclosure of confidential information and that has a particular language that is specific. Thank you, Debbie. “Does 42 CFR[ inaudible] powers making a referral for element call condition management for an adolescent? Is that referral itself considered protected information under 42 CFR? ” This is Katie.[ inaudible] The short answer is that academies, including public academies, are not themselves programs and so[ inaudible] with 42 CFR[ inaudible] and if a teacher of[ inaudible] of an adolescent notices that the teenage has or may have a drug or booze trouble, that datum may be given by the teacher, the principal, the school person as part of a referral and there is no[ inaudible] shield or prohibition against disclosing that information to– for instance, the entity that you are referring the student for possible diagnosis or if there is[ inaudible] problem medicine rep.Thank you. OK, here is one about labs, time to switch it up a little. “If you have have an agreement with a lab but an outside investigator wants to audit the lab company who wants to see the substance abuse client data, is that covered under your agreement with the lab? ” Katie, do you want to talk a little bit about examinations? Sure, I predict first I’ll touch on the QSOA. So if you have a Qualified Service Agreement in your Responsibility 2 platform, you have agreement with a lab that can fall within the qualified service[ inaudible] If it’s for an auditor evaluation, which may fall under the audit and evaluation exception, that may be different because it’s for an audit or evaluation of the Part 2 program. Back to the QSO piece, we do have counseling that allows for the QSO … The QSO can only share information back to the Part 2 platform unless there is a contract agent that is performing part of whatever was stated in the agreement to carry out whatever service was agreed upon.If there is a contract agent, then they could share the information. The contract could only share the information back to the QSO. If we talking about an audit or evaluation, and if it is of the lab, it probably would not fall under Part 2. I want, it wouldn’t fall under the exception under review and evaluation mainly because that is on[ inaudible] of Part 2 program. I don’t know whether Katie or Deborah, if you want to add anything to that one. No, I don’t think so. OK, we going to move to the next question. This one is for Deborah and it’s a about probation and parole. “If probation and parole pertains a consumer for medication, can that datum be disclosed if the client has not yet indicated the acceptance? ” I’m assuming that probation and parole was informed pertaining to a client’s substance use. OK, I’m sorry, what was the second part of the question? Can that information about the client in a referral be disclosed if they haven’t indicated the permission? Again, if it’s another referral for treatment.Well, if it’s a condition of the individual’s probation or parole or some other criminal justice reason such as release from captivity or probation and the person hasn’t signed the acquiesce assemble. The question is whether, yes, if the client hasn’t ratified the allow, can that referral for management be made? We know Part 2 has some special rules in those situations. I imagine if it’s a condition of parole[ inaudible] that the permission doesn’t have to be allowed– it doesn’t have to be included. Unless you talking about under section 235, individual patients does have to sign the consent but if they do want to annul their approval, they may not be able to until after the term of the probation has expired.That is 235. Bang like there is still a little bit of embarrassment there. Patients can disclose information or a programme designed can disclose information about the patient. But they are not a program, they are probation and parole. OK, then that’s correct. So I think we can say there is an exception. Yes, there is an exception but I’d have to look at that a little closer unless Katie, would you have something in addition about unsigned? I imagine once the information is disclosed from the programme, the person who receives it can re-disclose it but only to carried out under that person’s official duties with regards to the patient’s provisional release.OK, or probation or something, right? Yeah. Five more minutes[ inaudible] we are able to punched a few more questions.[ inaudible] and this[ inaudible] Undisclosures to the parent company of an ACO under a QSOA. Under what environments could the ACO share the Part 2 information to independent physician practises who served in the ACO? So the[ inaudible] we are capable of have[ inaudible] with the result ACO entity, but in order for them, just as an HIE, in order for them to share the information with their enter providers and suppliers or independent[ inaudible] they would need to obtain patient consent. And again, that’s because the QSO arrangement is only between the Part 2 curriculum and the service providers.A two-way agreement. So in order for them to further share it, they would need to obtain patient consent. Thank you. We are going to do one more question and it’s for the Legal Action Center. “When[ inaudible] health care providers, do we have to have the 42 CFR disclosure embossed on each page that we send in the container? ” This is Katie.So you need to– in sending information– you need to have attached to the information that you send the notice restricting re-disclosure, which Debbie talked about earlier. Assuming that what you are doing is you are sending the information with approval. Every recipient of that consented to information that is being transmit[ inaudible] do not further disclose that datum unless they have consent or another authorization[ inaudible] CFR Part 2. Therefore, what you have got to do is to be able to create a system where you can make sure that consented to information that’s[ inaudible] too flags the fact the recipient of the information may not further disclose it unless they are authorized by consent or another of certain exceptions .[ resonating] I want to move to the next slither please. First of all, thank you for all your questions. We got more that we can answer right now, so we will see if we can answer the rest of them and add them to you when we supply the slithers. Before “theres going”, we have a few remembers for you. They are that we have a third webinar in our time sequences on September 22 nd at the same time, so between 1:00 -2: 00 pm. You can find the link to register for that webinar in the promotional flyer, which we will circulate following this presentation and which you may have already gotten in advertisements for today’s webinar. You will also receive a PDF of this PowerPoint presentation by the end of the week. Ultimately, a recording of this webinar with subtitles will be made available on the SAMHSA website, although that will take a little bit longer.[ Next slide] If you want to learn more, please visit the SAMHSA website and Store. They have a wealth of information on HIPAA and Part 2. If “youve had” further questions about SAMHSA Health Information Technology crew or undertakings curricula or produces, satisfy feel free to send them to us at our Health IT email address, which is samhsa.hit @samhsa. hhs.gov.On behalf of the members of the SAMHSA Health IT unit, I want to thank everybody for participating in this webinar. We hope that you will join us for the next webinar in September. Thank you so much ..