Staff and managers of alcohol and other drug (AOD) abuse treatment facilities must be aware of legal requirements that arise when providing services to clients who are HIV infected, perceived to be HIV infected (based upon conjecture, myth, fear, or stereotype), or diagnosed with AIDS. Also relevant are legal requirements for dealing with infectious diseases such as tuberculosis (TB) or sexually transmitted diseases (STDs) that are often associated with HIV/AIDS.
Legal provisions are designed to ensure client access to care, prevent discrimination, maintain client trust, handle communications among providers while maintaining client confidentiality, and provide optimal medical and treatment services to clients with HIV/AIDS and other infectious diseases.
Under three headings, this chapter addresses legal issues relevant to the treatment of HIV-infected AOD abusers: access to treatment, confidentiality, and HIV counseling and TB testing.
Access to treatment. Discrimination against people with HIV/AIDS has arisen in a wide range of service settings. Problems have included denial of services, provision of inadequate care, and violation of confidentiality regarding clients' HIV/AIDS status. Depending on the circumstances, involuntary termination of care may also be classified as a discrimination issue.
Rules governing access to treatment are included in various AIDS-specific antidiscrimination laws, general antidiscrimination laws, and provisions limiting involuntary termination of care by a treatment program. Federal, State, and local AIDS antidiscrimination laws have been developed in response to AIDS-related discrimination. Other antidiscrimination statutes have been interpreted and expanded to cover HIV/AIDS. Agencies should consult counsel to determine relevant State and local laws.
Confidentiality. Maintaining strict confidentiality of sensitive client information is crucial to the client-provider therapeutic relationship in AOD abuse treatment. Confidentiality also assists efforts to carry out counseling and testing for HIV/AIDS, TB, and STDs, as well as contact tracing/partner notification services.
Confidentiality regulations and statutes are specific to drug treatment services and to HIV/AIDS-related services. The latter cover HIV counseling and testing (for example, voluntary and mandatory testing, informed consent, and anonymous and confidential testing), TB testing and treatment, and STD testing and treatment.
Confidentiality provisions are found in both Federal and State laws and regulations. Federal regulations are designed to ensure quality treatment for AOD clients in facilities receiving Federal assistance. State confidentiality requirements are most commonly directed at protecting information about HIV/AIDS status in the HIV-counseling-and-testing as well as in care-providing settings.
HIV counseling and tuberculosis testing. The 1993 Federal Substance Abuse Prevention and Treatment Block Grants: Interim Final Rule requires States to ensure that counseling and education about HIV and TB are provided as part of the "interim services" they must provide for individuals awaiting treatment for intravenous drug abuse (45 C.F.R. §96.126). In addition, programs are required to provide TB services, including development of protocols "to prevent the transmission of tuberculosis, such as screening patients" (45 C.F.R. §§96.127, 96.128). Many States also require these services. (See section on TB screening in Chapter 3.)
In addition, Federal regulations for methadone maintenance programs require HIV counseling of clients (21 C.F.R. 291 §291.505(i)(C)) and require TB testing as part of each client's initial medical evaluation (21 C.F.R. §291.505(d)(3)).
The incidence of TB has increased dramatically in recent years, mostly in geographic areas and demographic groups that have a high incidence of HIV/AIDS, including the AOD abuse population. Cases of multidrug-resistant TB (MDR-TB) are also increasing; most of these cases occur in persons with HIV/AIDS.
Because of the high correlation between TB, HIV infection, and AOD abuse, treatment programs should be aware of Federal and State requirements with regard to counseling and testing, reporting of HIV/AIDS and TB to public health authorities, providing treatment for HIV/AIDS and TB (preventive therapy for nonactive cases as well as treatment of active TB), and dealing with noncompliant TB-positive clients. Treatment programs also should be aware of their legal obligations to inform individuals that they may have been unknowingly exposed to contagious TB ("duty to warn").
Two Federal laws include prohibitions on AIDS-related discrimination: the 1990 Americans with Disabilities Act and the 1973 Rehabilitation Act. In addition to these Federal statutes, most States and many city and county governments have also enacted laws, statutes, and regulations prohibiting AIDS-related discrimination. AOD programs should consult counsel to determine which Federal laws and State laws and regulations are applicable to them.
The 1990 Americans with Disabilities Act (ADA) prohibits discrimination against people with disabilities in employment (Title I) and in public accommodations (Title II), as well as in public transportation, State and local government services, and telecommunications. Under the ADA, the term "people with disabilities" includes persons who are HIV infected or perceived to have HIV infection or AIDS, and those diagnosed with AIDS. "Public accommodations" are defined as private entities that serve the public, including treatment programs and other healthcare facilities. ADA prohibits requiring individuals to be tested for HIV as a condition of admission to treatment.
State HIV counseling and testing statutes (discussed in the Confidentiality section of this chapter) outline limited conditions that allow for mandatory HIV testing. ADA is the only Federal law that addresses conditions for carrying out HIV testing.
Additionally, ADA prohibits refusal to admit for treatment persons with HIV/AIDS or persons perceived to be HIV infected who are otherwise eligible. Providing differential treatment that is less adequate or limiting because of the client's real or perceived HIV/AIDS status is also prohibited.
AOD treatment providers are required by ADA to make some accommodations to enable individuals with HIV/AIDS to participate in and benefit from treatment services; however, such accommodations are not required to the extent that the basic nature of services offered is changed or that undue financial hardship is incurred.
ADA prohibits segregating persons with HIV/AIDS or providing them with differential treatment in order to protect others from infection. Rather, alternative measures, such as infection control procedures and staff education, must be undertaken to prevent the spread of infection. Preventive guidelines in these areas have been developed by the Centers for Disease Control and Prevention (CDC 1987b, 1988;Occupational Safety and Health Administration, 1992).
The 1973 Rehabilitation Act has been interpreted to prohibit discrimination against persons with disabilities, including persons with HIV/AIDS. Entities covered include Federal agencies and recipients of any Federal funding (either contractors or grantees). Most AOD treatment and health agencies are classified as grantees under the 1973 Act.
State laws outline both general requirements for services and care that agencies must provide to clients and those circumstances under which involuntary termination of care is allowable. These State provisions define an agency's responsibility to treat people, and conditions delimiting involuntary termination of care; the definition deals with due process for clients and agencies' compliance with medical malpractice rules. State laws do not allow AOD treatment agencies to terminate care or fail to serve clients because of their HIV/AIDS status.
Under these State provisions, clients who resist receiving care and disrupt the clinic's operations may be denied services if their behavior is defined as unreasonable and if accommodating such behavior would substantially change the nature of the services offered by the clinic. However, programs should seek counsel to determine the specific State laws and requirements that define compliance with this requirement.
The only Federal regulations relating to involuntary termination of care are the regulations governing the provision of methadone maintenance treatment, which specify circumstances under which a client's noncompliance with treatment can result in denial of services. Given the high percentage of AOD clients who are HIV-infected, these regulations have possible implications for limiting access to AIDS-related prevention and care services provided in AOD settings or facilitated by AOD program staff in other settings.
Strict confidentiality of client information, including information about HIV/AIDS status, is crucial to the maintenance of the therapeutic relationship. Clients rely upon this standard of confidentiality when they enter care, and while in treatment they continue to trust that their medical and personal records will be protected from unwanted and unwarranted disclosure.
From their origin in the tradition of professional ethics regarding the provider-client relationship, confidentiality standards have evolved into rights that are protected by both Federal regulations and State laws. Maintaining confidentiality about client HIV/AIDS status is primarily governed by State provisions. Federal regulations on confidentiality do not govern confidentiality of HIV/AIDS status but are relevant because they relate to maintaining confidentiality of information about a client's status in an AOD abuse treatment program.
Federal laws and corresponding regulations require the maintenance of strict confidentiality of information about persons receiving AOD prevention and treatment services (i.e., 42 U.S.C. §290 dd-3, ee-3; 42 C.F.R., Part 2). Information protected under these confidentiality provisions includes any information about a client in an AOD program. While the regulation does not specifically prohibit release of information about a client's HIV/AIDS status, any release of such information that would directly or indirectly identify that individual as a client is prohibited. Therefore, release of information about a client's HIV/AIDS status that also revealed the client's status as an AOD treatment client would be covered under Federal confidentiality laws.
The purpose of these laws and regulations is to protect client privacy in order to secure participation in treatment. In some instances, these confidentiality requirements place restrictions on communication that are more severe than generally required by the standards of either doctor-patient confidentiality or attorney-client privilege.
Unless otherwise noted, AOD confidentiality provisions cover any program that provides treatment, counseling, and/or assessment and referral services for persons with AOD problems. The regulations apply only to programs that receive Federal assistance. However, "Federal assistance" is defined broadly to include indirect forms of Federal aid such as tax-exempt status or State or local government funding that in whole or part derives from Federal sources.
Federal confidentiality regulations outline the circumstances in which disclosure of information about clients in AOD programs is prohibited, exceptions under which disclosure is allowed, requirements for obtaining clients' written informed consent to the disclosure of information, and requirements regarding the sharing of information with outside agencies that provide program services.
Federal regulations prohibit disclosure of records or other information on any client in a federally assisted AOD abuse treatment program, except under certain limited conditions (see below, Exceptions to the Provision of Disclosure). Disclosure is prohibited regardless of whether the person seeking information, already has it, has other means of obtaining it, enjoys official status (e.g., a judge or law enforcement officer), has obtained a subpoena or warrant, or is authorized by State law to obtain the information. The Federal regulations invalidate any less stringent State laws governing disclosure of information about patients in AOD programs; however, States may have confidentiality regulations that are stricter than Federal requirements. Redisclosure of information (i.e., transmitting to a third party confidential information received in compliance with procedures) is prohibited unless done in compliance with Federal regulations.
Federal law permits limited disclosure of information about identified clients in AOD abuse programs with written client consent if the consent form complies with Federal regulations. In addition, there are several conditions under which disclosure may be made without client consent.
Exceptions to the prohibition of disclosure include disclosures made in the following instances:
As part of internal program communications
In response to a medical emergency
In response to a court order following a court hearing in which disclosure is authorized
In response to a crime committed at the treatment program or against program personnel
In the course of reporting child abuse
Pursuant to a qualified service organization agreement
In providing information that does not associate the client with AOD abuse and does not identify the client as being in AOD treatment
For research, audit, or evaluation purposes.
Except for the first exception involving written consent, none of the above situations require written client consent. Following is a more detailed discussion of written client consent and each of these exceptions.
A proper written consent form must contain all of the following (as detailed in Federal confidentiality regulations, 42 C.F.R. §2.31):
The name, or a general description, of the program(s) making the disclosure
The name or title of the individual or organization that will receive the disclosure
The name of the client who is the subject of the disclosure
The purpose of or need for the disclosure
The amount and nature of the information to be disclosed
A statement that the client may revoke (take back) consent for the disclosure at any time, except to the extent that the program has already acted on it (A specific length of time or "cooling off" period is not required before the disclosure occurs.)
The date, event, or condition upon which the consent expires if not previously revoked
The signature of the client (In the case of a minor, some States require the signature of a parent.)
The date on which the consent is signed.
Following are a number of items that deserve further explanation, including the purpose of the disclosure and how much and what kind of information will be disclosed, the client's right to revoke the consent statement, expiration of the consent form, required notice against rereleasing information, and discretion of agency to release information authorized by the consent form.
Purpose of disclosure/information that will be disclosed. These two items are closely related. All disclosures, and especially those made pursuant to a consent form, must be limited to information that is necessary to accomplish the need or purpose for the disclosure (§2.13(a)). For example, it would be improper to disclose everything in a client's file if the recipient of the information only needs a specific item of information.
In completing a consent form, it is important to determine the purpose or need for the communication. Once this has been identified, it is easier to determine how much and what kind of information will be disclosed and to tailor the disclosure to what is essential to accomplish the identified need or purpose.
For example, if a client needs documentation of participation in a treatment program to be eligible for a benefit (such as home relief), the purpose of the disclosure would be "to obtain home relief benefits" and the amount and kind of information to be disclosed would be "enrollment in treatment." The disclosure would then be limited to a statement that "Jane Doe [the client] is participating in treatment at the XYZ Program." No other information about the client would be released.
Client's right to revoke consent. The general consent form authorized by Federal regulations permits clients to revoke consent at any time (orally or in writing); the consent form must include a statement to this effect.
If a program has already made a disclosure prior to the revocation, the program has acted in reliance on the consent (i.e., the program was relying on the consent form when it made the disclosure). Therefore, the program is not required to try to retrieve the information it has already disclosed. Federal regulations state that acting in reliance includes the provision of services while relying on the consent form to permit disclosures to a third-party payer. (Third-party payers are health insurance companies, Medicaid, or any party that pays the bills other than the client's family or the treatment agency.) Thus, a program can bill the third-party payer for past services provided before consent was revoked. However, a program that continues to provide services after a client has revoked a consent form authorizing disclosure to a third-party payer does so at its own financial risk.
Expiration of consent form. The form must also contain a date, event, or condition on which it will expire if not previously revoked. A consent must last "no longer than reasonably necessary to serve the purpose for which it is given" (§2.31(a)(9)).
It is better practice to think through how much time the consent form should run than to have all consent forms expire within a standard timeframe (e.g., 60 or 90 days). When uniform expiration dates are used, agencies can find that they have a need for a disclosure but that the client's consent form has expired. In such a situation, at the least, the client must come to the agency again to sign a new consent form. At worst, the client has left or is unavailable (e.g., in the hospital or incarcerated), and the agency cannot make the disclosure.
The consent form does not need to contain a specific expiration date but may instead specify an event or condition. For example, if a client is being referred to a specialist for a single appointment, the consent form should provide that it will expire after he or she has seen "Dr. X."
Required notice against rereleasing information. Any disclosure made with written client consent must be accompanied by a written statement that the information disclosed is protected by Federal law and that the person receiving the information cannot make any further disclosure of such information unless permitted by the regulations (§2.32). This statement, not the consent form itself, should be explained and provided to the recipient of the information at the time of disclosure or earlier. The prohibition on redisclosure is clear and strict. Those who receive the notice are prohibited from rereleasing information except as permitted by the regulations. (However, a client may sign a consent form authorizing such a redisclosure.)
Discretion of agency to determine release of information authorized by consent form. The fact that a client has signed a proper consent form authorizing the release of information does not force a program to make the proposed disclosure unless the program has also received a subpoena or court order (§§2.3(b); 2.61(a)(b)). The program's only obligation is to refuse to honor a consent that is expired, deficient, or otherwise known to be revoked, false, or invalid (§2.31(c)). In most cases, the decision whether or not to make a disclosure pursuant to a consent form is within the discretion of the program unless State law requires or prohibits disclosure once consent is given. In general, it is best to use the following rule: disclose only what is necessary, for only as long as is necessary, keeping in mind the purpose of the communication.
Federal regulations allow staff within a program to share client information among themselves if their AOD abuse work requires it (see Exhibit 7-1).
There are circumstances in which Federal law allows the sharing of information among units within a larger entity. To comply with this provision, the unit with which the AOD program can share information must have direct administrative control over the AOD program. Agencies should be aware that if information sharing occurs, they must ensure that each unit complies with its responsibility to maintain confidentiality of client information. Agencies should consult with counsel before setting up such an internal communications system.
In the course of a medical emergency, a program may disclose information about a client to public or private medical personnel (but not to nonmedical personnel) "who have a need for information . . . for the purpose of treating a condition which poses an immediate threat to the health of any individual and requiring immediate medical intervention." The regulations define "medical emergency" as a situation that poses an immediate threat to the health of any individual and requires immediate medical intervention (§2.51). Thus, AOD and AIDS-related information can be provided to medical personnel in the course of providing appropriate treatment to a client in a medical emergency. However, this information cannot be provided to nonmedical personnel because they have no such "need to know." Medical personnel refers to persons with medical degrees.
A State or Federal court may issue an order for an AOD abuse treatment program to make a disclosure of client-identifying information that would otherwise be prohibited. However, the court must follow procedures and make determinations as required by Federal regulations and State laws. Court-ordered release of AOD information is governed by Federal regulations; corresponding State provisions that are less stringent are preempted by the Federal regulations, but more strict State provisions do apply. No Federal regulations address release of AIDS-related information; many States have strict requirements prohibiting release of AIDS-related information through court order. Programs should consult counsel to determine what laws apply in their States.
A State or Federal court may issue an order that will permit a program to make a disclosure about a client that would otherwise be forbidden. A court may issue one of these authorizing orders only after it follows special procedures and makes determinations required by the regulations. A subpoena, search warrant, or State arrest warrant, even when signed by a judge, is not alone sufficient to require or even to permit a program to disclose information (§2.61).2
Before a court can issue a court order authorizing a disclosure about a client, the program and any clients whose records are sought must be given notice of the application for the order and opportunity to make an oral or written statement to the court.3 A client's oral or written statement can be made by a person acting on the client's behalf, such as an attorney.
Generally, the application and court order must use fictitious names for any known client, and all court proceedings in connection with the application must remain confidential unless the client requests otherwise (§§2.64(a), (b), 2.65, 2.66).
Before issuing an authorizing order, the court must find that there is "good cause" for the disclosure. A court can find "good cause" only if it determines that the public interest and the need for disclosure outweigh any negative effect that the disclosure will have on the patient, on the doctor-patient or counselor-patient relationship, or on the effectiveness of the program's treatment services. Before it may issue an order, the court must also find that other ways of obtaining the information are not available or would be ineffective (§2.64(d)). The judge may examine the records before making a decision (§2.64(c)).
If the purpose of seeking the court order is to obtain authorization to disclose information in order to investigate or prosecute a patient for a crime, the court must also find that:
The crime involved is extremely serious, such as an act causing or threatening to cause death or serious injury.
The records sought are likely to contain information of significance to the investigation or prosecution.
There is no other practical way to obtain the information.
The public interest in disclosure outweighs any actual or potential harm to the patient, the doctor-patient relationship, and the ability of the program to provide services to other patients.
When law enforcement personnel seek the order, the court must also find that the program had an opportunity to be represented by independent counsel. If the program is a governmental entity, it must be represented by counsel (§2.65(d)).
There are limits on the scope of the disclosure that a court may authorize, even when it finds good cause. The disclosure must be limited to information essential to fulfill the purpose of the order, and it must be restricted to those persons who need the information for that purpose. The court should also take any other steps that are necessary to protect the client's confidentiality, including sealing court records from public scrutiny (§§2.64(e), 2.65(e)).
The court may order disclosure of "confidential communications" by a client to the program only if the disclosure fills at least one of the following conditions:
It is necessary to protect against a threat to life or of serious bodily injury.
It is necessary to investigate or prosecute an extremely serious crime (including child abuse).
It is needed in connection with a proceeding at which the client has already presented evidence concerning confidential communications (for example, "I told my counselor. . . .") (§2.63).
When a client has committed or threatened to commit a crime on program premises or against program personnel, Federal regulations permit the program to seek the assistance of or report the crime to a law enforcement agency.
In such a situation, without any special authorization, the AOD abuse treatment program can disclose the circumstances of the incident, including the suspect's name, address, last known whereabouts, and status as a client of the AOD program. State laws govern the reporting of HIV/AIDS status to law enforcement agencies.
Reporting child abuse and neglect. All 50 States and the District of Columbia have statutes requiring reporting when there is reasonable cause to believe or suspect child abuse or neglect. Although many State statutes are similar, each State has different rules about what kinds of conditions must be reported, who must report, and when and how reports must be made.
Most States now require not only physicians but also educators and social service workers to report child abuse. Most States require an immediate oral (usually telephone) report and many now have toll-free numbers to facilitate reporting. (Half the States require both oral and written reports.) All States extend immunity from prosecution to persons reporting child abuse and neglect. (In other words, a person who reports child abuse or neglect cannot be brought into court.) Most States provide for penalties for failure to report.
Federal confidentiality regulations permit programs to comply with State laws that require the reporting of child abuse and neglect. Thus, if a client reveals to program staff that he or she has neglected or abused children, that fact may well have to be reported to State authorities. Note, however, that this exception to the general rule prohibiting disclosure of any information about a client applies only to initial reports of child abuse or neglect. Programs may not respond to followup requests for information or to subpoenas for additional information, even if the records are sought for use in civil or criminal proceedings resulting from the program's initial report, unless the client consents or the appropriate court issues an order under subpart E of the regulations.
Because of the variations in State laws, programs should consult an attorney familiar with the law in their States to ensure that their reporting practices are in compliance.
Qualified service organization agreements. If an AOD program routinely needs to share certain patient information with an outside agency that provides services to the program, it can enter into what is known as a qualified service organization agreement (QSOA). This is a written agreement between a program and an entity providing services to the program. A QSOA is not the same as an interagency agreement or memo of understanding unless (1) those instruments embody an agreement between an AOD abuse treatment program or an entity providing services to the program and (2) those instruments contain the language that Federal regulations require a QSOA to contain.
With a QSOA, the person or agency does the following:
Acknowledges that in receiving, storing, processing, or otherwise dealing with any client records from the program, he or she is fully bound by Federal confidentiality regulations
Promises that, if necessary, he or she will resist any efforts to obtain access to patient records except as permitted by these regulations (42 C.F.R. §§2.11, 2.12(c)(4)).
A QSOA should be used only when an agency or official outside the program is providing a service to the program itself. An example is when laboratory analyses or data processing are performed for the program by an outside agency. A QSOA is not permitted as a mechanism for sharing client information with an entity that is providing services to specific clients.
Communications that do not disclose patient-identifying information. Federal regulations permit programs to disclose information about a client if the information is not "patient identifying," that is, information that identifies someone as an AOD abuser. Thus, a program may disclose information about a client if that information does not identify him or her as an AOD abuser or support anyone else's identification of the client as an AOD abuser. There are two basic ways a program may make a disclosure that does not identify a client.
Aggregate information. A program can report aggregate data about its population (summing up information that gives an overview of the clients served in the program) or some portion of its population. For example, a program could tell a newspaper that in the last 6 months it screened 43 offenders, 10 female and 33 male.
Release of information that does not indicate or imply AOD status of client. A program can communicate information about a client in a way that does not reveal the client's status as an AOD abuse patient (§2.12(a)(i)). For example, a program that provides services to clients with other problems or illnesses as well as AOD abuse may disclose information about a particular client as long as the fact that the client has a substance abuse problem is not revealed. A program that is part of a general hospital could have a counselor call the police about a threat a client made, so long as the counselor does not disclose that the client has an AOD abuse problem or is a client of the AOD abuse treatment program.
Programs that provide only AOD abuse treatment services or that provide a full range of services but are identified by the general public as AOD programs cannot disclose information that identifies a client under this exception, since letting someone know a counselor is calling from the "XYZ Treatment Program" will automatically identify the client as someone in the program. However, a freestanding program can sometimes make "anonymous" disclosures, that is, disclosures that do not mention the name of the program or otherwise reveal the client's status as an AOD abuser.
Federal regulations permit AOD programs to disclose patient-identifying information to researchers, auditors, and evaluators without patient consent, provided that certain safeguards are met (42 C.F.R. §§2.52, 2.53).
Research. AOD programs can disclose patient-identifying information to persons conducting "scientific research" if the program director determines that the researcher (1) is qualified to conduct the research, (2) has a protocol under which patient-identifying information will be kept in accordance with the regulations' security provisions (see §2.16), and (3) has provided a written statement from a group
of three or more independent individuals who have reviewed the protocol and determined that it protects clients' rights. Researchers are prohibited from identifying any individual client in any report or otherwise disclosing any client identities except to the program.
Audit and evaluation. Approved entities performing an audit or evaluation (e.g., utilization or quality control review) may have access to client records on the program's premises. Approved entities include Federal, State, and local government agencies that fund or are authorized to regulate a program, private entities that fund or provide third-party payments to a program, and peer review agencies. Any person or entity that reviews client records to perform an audit or conduct an evaluation must agree in writing that it will use the information only to carry out the audit or evaluation and that it will redisclose client information only (1) back to the program, (2) in accordance with a court order to investigate or prosecute the program (§2.66), or (3) to a government agency overseeing a Medicare or Medicaid audit or evaluation (§2.53(a), (c), (d)).
Approved entities may also copy or remove records only if they agree in writing to maintain patient-identifying information in accordance with the regulations' security requirements (see §2.16), to destroy all patient-identifying information when the audit or evaluation is completed, and to redisclose client information only (1) back to the program, (2) in accordance with a court order to investigate or prosecute the program (§2.66), or (3) to a government agency overseeing a Medicare or Medicaid audit or evaluation (§2.53(b)).
Any other person or entity who is determined by the program director to be qualified to conduct an audit or evaluation and who agrees in writing to abide by the restrictions on redisclosure can review client records. However, only approved entities can copy or remove records.
Followup research. Research that follows clients after they leave treatment presents a special challenge under Federal confidentiality regulations. The AOD program researcher or evaluator who seeks to contact former clients to gain information about their status after leaving treatment has to take care that this is done without disclosing to others any information about the former clients' connection to the AOD abuse treatment program.
If followup contact is attempted over the phone, researchers must ensure that they are talking to the client before they reveal who they are or that there is a connection to AOD abuse treatment. For example, asking for Sally Jones when her husband or child answers the phone and announcing that the caller is from the XYZ AOD Program (or the Drug Research Corporation) violates the regulations. Another approach is for the program (or research agency) to form another entity, without a hint of AOD treatment in its name (e.g., Health Research, Inc.), that can contact clients without worrying about disclosing information in the contact itself. However, when clients are being called by this entity, the researchers still must ensure that they are speaking to the client before revealing any connection to AOD abuse treatment.
If followup is done by mail, the return address on the letter should not disclose any information that could lead anyone seeing the envelope to conclude that the addressee was in AOD abuse treatment.
A variety of State confidentiality laws may affect how services are provided to AOD abuse clients. These laws may control the release of medical records, limit the ability of persons to testify in court based on information obtained when providing professional services (testimonial privilege), or prohibit disclosure of information regarding specific medical conditions such as drug abuse or HIV/AIDS. Service providers and AOD treatment staff should consult with legal counsel to determine which State confidentiality laws affect their practices, and develop protocols and training programs to ensure that these laws are followed.
There is a wide range of State HIV/AIDS confidentiality laws. A number of States include HIV/AIDS under STD confidentiality protection statutes and regulations. All States require informed consent for an HIV test. All States require reporting of AIDS cases; most States require reporting of persons testing HIV positive, either by name or by means of other identifying information.
State HIV/AIDS confidentiality provisions typically cover:
HIV counseling and testing
Requirements for obtaining consent prior to HIV testing
Provisions for anonymous and confidential HIV testing
Reporting of HIV infection and/or AIDS to public health authorities
Recordkeeping of HIV/AIDS results and medical records
Notification of partners of HIV-positive patients
Disclosure of HIV/AIDS-related client information.
Confidentiality considerations also arise under "duty-to-warn" situations, in which programs are faced with the dilemma of reporting a client's threat to inflict harm to self or others. Duty-to-warn provisions may be addressed by State law or court interpretation.
AOD abuse treatment programs increasingly are providing HIV counseling and testing services to clients. Individuals identified as HIV positive can obtain early treatment that can ameliorate the opportunistic infections associated with HIV infection and may delay the onset of AIDS. Nevertheless, some clients choose not to be tested for HIV infection. Clients have a right to refuse HIV testing and cannot be denied access to care or continued treatment services if they exercise this right.
A wide range of State and local laws specify how HIV testing and counseling are to be conducted. In addition, CDC guidelines (CDC, 1987a) state that all clients being tested for HIV should receive pre- and posttest counseling. Pretest counseling should provide information about consent, testing procedures, interpretation of test results, and requirements for the reporting of test results. In addition, pretest counseling should cover how HIV is transmitted, how clients can reduce their risk either of becoming infected or of infecting others, and how HIV/AIDS can be treated.
Individuals should be notified about their HIV status in person during posttest counseling, not by mail or over the phone. Face-to-face notification is critical because of the emotional stress associated with receiving HIV results. In addition, it is essential that counseling about risk reduction, partner notification, and treatment take place when the client is notified of the test results.
Some States require mandatory testing of certain individuals, such as mentally ill or mentally retarded patients, marriage license applicants, sex offenders, and persons convicted of illegal use of hypodermic instruments. Two States (Rhode Island and Washington) currently mandate HIV testing for persons convicted of possession of a hypodermic instrument associated with intravenous drug use or convicted of a drug offense determined to be associated with the use of hypodermic needles. Treatment programs should determine their State's requirements, particularly as they relate to injection drug users.
All States require that clients give consent prior to HIV testing. States vary in their requirements for oral or written consent; consent must be written in some States. Oral consent typically must be documented in the client's medical record. Exceptions to this rule include Federal exceptions outlined above regarding disclosure of information about persons receiving AOD services. (Information includes HIV/AIDS status if such information is included in a client's AOD records and revealing it would reveal that the individual was a client in an AOD program.) (See above, Exceptions to the Prohibition of Disclosure.) Additional exceptions are outlined below in the section, Disclosure of AIDS-Related Information.
In some States, minors can give informed consent for HIV testing without parental agreement. In those States that require reporting of HIV-positive cases, informed consent requirements should include information about the provision of information on HIV/AIDS status to public health authorities.
An HIV test can be provided either confidentially or anonymously. In confidential testing, the client is identified and informed of the test result; measures are taken to restrict access by third parties to information about the client's test result (see Recordkeeping, below). In anonymous testing, no client-identifying information is obtained. State laws often require that clients be offered the option of confidential or anonymous testing and have the benefits of each explained. Twenty-seven States have laws that specifically provide the option of anonymous HIV testing.
State laws govern requirements on reporting of HIV infection and/or AIDS cases to public health authorities. Most States require reporting of HIV infection; all States require reporting of AIDS cases. The confidentiality of all reportable information is safeguarded by State law. State reporting requirements specify who must report HIV/AIDS data (e.g., doctors, laboratories), when reports are to be made, and in what form (e.g., by name, code, or demographic information).
State requirements vary on reporting of HIV infection; some States require reporting by name, and others only require reporting of demographic information or codes on HIV-infected individuals. States require reporting of diagnosed AIDS cases according to the Federal definition of AIDS. Under the new Federal definition of AIDS adopted December 18, 1992, which is based upon a CD4 cell count below 200 and the presence of selected opportunistic infections, many persons who would have previously been diagnosed as having HIV infection are now diagnosed as having AIDS.
Exhibit 7-2 reviews procedures that AOD abuse treatment programs should follow in complying with State reporting requirements as well as Federal regulations on disclosure of patient AOD information.
Both Federal and State provisions govern recordkeeping requirements for AOD abuse treatment programs that treat clients with HIV/AIDS, including the circumstances under which HIV/AIDS-related information can be released if it is part of an AOD file. AOD programs should consult counsel to determine what applicable State laws apply.
Federal AOD regulations require that written patient records be maintained in a secure room, locked file cabinet, or another safe and secure location and container. These regulations apply to client information generally; they do not specify HIV/AIDS status as protected information. However, such information is protected to the extent that it is included in the client's record at the AOD abuse treatment program, and release of such information would reveal that the individual was an AOD program client. Written procedures should be developed regulating access to and use of records.
State law governs the circumstances under which HIV/AIDS-related information must be recorded, where it must be recorded, and how it must be safeguarded. If a client signs a consent form permitting disclosure of information about AOD abuse and the client's file also contains information about HIV/AIDS, the program may not release information about HIV/AIDS unless it has complied with State law. For example, if a client's file contains both AOD and HIV/AIDS information and the client wants disclosure of AOD information to an outside agency but not HIV/AIDS information, there are several ways a program can proceed:
The consent form can be drafted in a way that includes all (or relevant parts of) the AOD information but excludes all HIV/AIDS information. The consent form must contain a statement of the purpose of the disclosure and how much and what kind of information will be disclosed. The program can restrict access to HIV/AIDS information in a client's file by having the client sign a consent form that has as its purpose, for example, "referral for inpatient AOD treatment." How much and what kind of information to be disclosed would then be "AOD screening and assessment results."
The program can maintain a filing system that isolates drug and HIV/AIDS-related information in two different "treatment" and "medical" files and disclose only information from the "treatment" file. (This solution can be used whether or not State law protects HIV/AIDS information.)
The program can send the client's file without the HIV/AIDS-related information to the outside agency and put the following notice on the disclosure: This file does not contain any information protected by section [fill in section number] of [State] law. The fact that this notice accompanies these records is NOT an indication that this client's file contains any information protected by section [fill in section number]. If the client wants HIV/AIDS information to be disclosed to an outside agency, the program must ensure that it is complying with State law requirements before it releases any such information.
Programs that receive funds from the CDC to conduct HIV counseling and testing must follow CDC HIV counseling and testing guidelines, which include provisions on the maintenance of HIV counseling and testing data. AOD abuse treatment programs should consult CDC or their State health departments regarding these CDC guidelines.
Confidentiality of records may be maintained in several ways. State laws dictate how information is to be kept. Options include the following:
Single record. Maintain a single, comprehensive client record that includes medical and HIV/AIDS information; limit access to medical staff and others authorized to know medical information about the client. Reasons to include HIV/AIDS information in a client's file are for use in monitoring client progress, conducting case management, and maintaining agency compliance with program requirements on serving individuals. This approach, by making HIV/AIDS information available to a broader range of staff, requires the program to monitor more staff to ensure compliance with HIV/AIDS confidentiality requirements.
Separation of HIV/AIDS information. Maintain HIV/AIDS information separately from the rest of the client's medical record; limit access to HIV/AIDS information to medical staff and other authorized personnel. This approach is useful in limiting HIV/AIDS information to a smaller number of program staff. However, the medical files should contain a reference marker which states that HIV/AIDS information is contained in a separate file; this is necessary so that staff will know where to locate this information.
Separation of all medical information. Maintain all medical information separately from the rest of the client's record; limit access to medical personnel and other authorized personnel.
As with all other client data, HIV/AIDS information must be maintained in a safe and secure location accessible only to personnel directly involved in the provision of services to the client. It must, therefore, be inaccessible to staff members and others who have no need to know clients' HIV/AIDS status.
Criteria for the secure maintenance of HIV/AIDS client data are specified by State law and typically cover three areas:
Record retention and destruction
Secure physical storage of records
Access to records by staff and others, including legal authorities.
Many States specify sanctions for breach of confidentiality. AOD treatment providers should consult counsel to determine these sanctions. Providers should establish State sanctions or, if none exist, implement their own sanctions, including disciplinary action for breaches of confidentiality. All staff should know the consequences of violating these principles.
Persons who participate in sex or needle-sharing with HIV-infected individuals may be unaware that they are at risk for HIV infection. Partner notification procedures, also known as "contact tracing," exist to give these individuals the opportunity to receive an HIV test and appropriate counseling and medical treatment if they are found to be HIV positive. Partner notification also represents an opportunity to educate persons who may be at risk of HIV infection about behavioral risks and risk reduction.
According to CDC HIV counseling and testing guidelines, HIV testing programs should emphasize to infected clients that they have a responsibility to see that partners are informed of their status and referred for HIV counseling and testing. State laws on HIV counseling and testing may also recommend or require that HIV counseling include this type of counseling.
Many States require that State and local health department authorities routinely offer partner notification services to clients. AOD treatment providers may request that State or local health departments assist them in carrying out partner notification efforts with AOD abuse clients.
The two methods of partner notification are patient referral and provider referral. Patient referral occurs when the client, without the direct involvement of healthcare providers, tells partners that they may have been exposed to HIV and encourages them to seek HIV counseling and testing. Provider referral takes place when a client does not wish to notify partners directly and requests the assistance of a provider, typically the health department, in contacting them. The provider then notifies the client's partners that they may have been exposed to HIV. This approach relies upon the client's supplying partners' names to the provider.
Partner notification begins with a discussion between the infected client (the index patient) and a trained counselor. This discussion should cover the patient's risk factors, the disease process and complications, and the need to notify partners who may be at risk of infection.
Disclosure of partner names by an index patient is a voluntary process, according to State law. Clients must receive counseling, testing, and referral services without regard to their willingness to disclose partners' names. Partners who are notified should never be told the identity of the client who supplied their names or given any information about the client's HIV/AIDS status.
In the wake of the AIDS epidemic, many States have passed laws protecting HIV/AIDS information about clients. These laws are designed to encourage populations at risk for HIV/AIDS to determine their HIV status, begin medical treatment early, and change risk behaviors. Many State laws were based on the concern that those who are seropositive will not receive healthcare and risk reduction education because of discrimination in employment, medical care, insurance, housing, and other areas if their status becomes known to others.
State laws protecting HIV/AIDS information vary in scope. Most permit disclosures with written client consent. Many States permit disclosures in specific circumstances without client consent (see Confidentiality Laws, above). Many States require that HIV/AIDS-related information be kept in particular kinds of files, be accessible only to certain program staff, and be protected from unauthorized disclosure. Because State laws vary, it is essential that programs consult local counsel to find out what their State HIV/AIDS laws require.
In a duty-to-warn situation, it is the legal and moral duty of a professional to report a client's threat to harm himself/herself or others. A program may also be confronted with a situation where it wants to warn someone of a risk of HIV infection even if law does not impose such a duty. Many professionals feel that they have an ethical, professional, or moral obligation to prevent harm from occurring when they are in a position to do so.
A legal basis for duty to warn may be provided by State law or State court interpretation. There are no such provisions in Federal law or regulations. State laws typically allow, but do not require, a warning to be given. Most common are statutes that allow disclosure of AIDS-related information to spouses. Some State statutes also permit a health professional to undertake a risk-benefit assessment and to issue a warning if it is warranted and reasonable. Sometimes, these State laws prohibit disclosure of the infected person's identity, while allowing the healthcare provider to tell the person at risk that he or she may have been exposed.
A duty-to-warn situation might involve treatment staff awareness that an HIV-infected patient has failed to inform a sexual partner of his or her status. As a result, the partner is at risk for infection or may already have undiagnosed HIV infection. To avoid such situations, an AOD program should consider implementing an education program for clients' significant others, in which partners are informed that a high rate of HIV infection exists among AOD users and that they may wish to take precautions in sexual activity and injection drug use because of the possibility that their partners are HIV-infected.
There has been a developing trend in the law to require psychiatrists and other therapists to take "reasonable steps" to protect an intended victim when they learn that a patient presents a "serious danger of violence to another." This trend started with the case of Tarasoff v. Regents of the Univ. of Cal. (17 Cal. 3d 425 (1976)). In that case, the California Supreme Court held a psychologist was liable for money damages because he failed to warn a potential victim whom the psychologist's patient had threatened to kill; the patient subsequently did kill the threatened individual. The court ruled that if a psychologist knows that a patient poses a serious risk of violence to a particular person, the psychologist has a duty "to warn the intended victim or others likely to apprise the victim of the danger, to notify the police, or take whatever other steps are reasonably necessary under the circumstances."
Courts in other States have followed Tarasoff in finding therapists liable for money damages when they failed to warn someone threatened by a client. Most of these cases are limited to situations in which clients threaten a specific identifiable victim, and they do not usually apply where a client makes a general threat without identifying the intended target. States that have enacted laws on the subject have similarly limited the duty to warn to such situations.
In a duty-to-warn situation involving an AOD client, at least two and sometimes three questions must be answered:
Is there a legal duty to warn in this particular situation under State law? Legal counsel should be consulted to answer this question.
Even if there is no State legal requirement to warn an intended victim, does the program or counselor feel a moral obligation to warn him or her? It is advisable to seek legal counsel to answer this question.
If the answer to either of the previous questions is yes, can the program warn the victim or someone likely to be able to take action without violating Federal AOD regulations?
The Federal AOD confidentiality requirements conflict with the "duty to warn" imposed by States that have adopted the principles of Tarasoff. Simply put, Federal confidentiality laws and regulations prohibit the type of disclosure that Tarasoff and similar cases require. Moreover, Federal AOD regulations make it clear that Federal law overrides any State law that conflicts with Federal regulations (§2.20). In the only case, as of this writing, that addresses this conflict (Hasenie v. United States, 541 F. Supp. 999 (D. Md. 1982)), the court ruled that the Federal confidentiality law prohibited any report.
There are four ways a program can proceed when a client makes a threat to harm himself/herself or another:
The program can make a disclosure pursuant to a court order if the court order is obtained after following the requirements of the Federal AOD regulations.
The program can make a disclosure that does not identify the individual who threatens to commit the harm as a patient. This disclosure can be made by making an anonymous report or, for a program that is part of a larger non-AOD entity, by making the report in the larger entity's name.
The program can make a report to medical personnel if the threat presents a medical emergency that poses an immediate threat to the health of any individual and requires immediate medical intervention (§2.51).
The program can obtain the client's consent, although consent is unlikely to be given unless the client is suicidal.
Federal statutes and regulations prohibit any investigation or prosecution of a client based on information obtained from records unless the court order exception is used (42 U.S.C. §§290 dd-3(c) and ee-3(c) and 42 C.F.R. §2.12(d)(1)).
If none of the options mentioned above is practical, a program that believes there is a clear and imminent danger to a client or another person is probably wiser to report the danger to authorities or the threatened individual. This action is particularly the case for States that follow the Tarasoff rule. It is doubtful that any prosecution (or successful lawsuit) under the confidentiality regulations would be brought against a program or counselor who warned about potential violence when he or she believed in good faith that there was real danger to a particular individual. On the other hand, a civil lawsuit for failure to warn may well result if the threat is carried out. In any event, the program should try to make the warning in a manner that does not identify the individual as an AOD abuser.
Federally funded AOD abuse treatment programs are required to provide counseling and education about HIV and tuberculosis (TB) as part of the "interim services" for individuals awaiting treatment for intravenous drug abuse (45 C.F.R. §96.126). In addition, such programs are required to provide TB services (See Figure 7-3), including development of protocols to prevent the transmission of tuberculosis, such as screening patients (45 C.F.R. §§96.127, 96.128). Many States also require these services. In addition, Federal regulations for methadone maintenance programs require HIV counseling of clients (21 C.F.R. §291 291.505(i)(c)) and also require TB testing as part of each client's initial medical evaluation (21 C.F.R. §291.505(d)(3)).
AOD abuse, HIV infection, and TB are highly correlated. AOD programs funded under the Federal Substance Abuse Prevention and Treatment Block Grants: Interim Final Rule are required to provide TB services to clients or to make such services available. These services include TB testing, reporting of active TB cases to the health department, and providing treatment for those with active TB and preventive therapy for those with nonactive TB who require it. AOD abuse treatment programs must either provide these services themselves or make arrangements for their provision by healthcare providers who can and will serve the programs' clients. The steps programs must take to "make available" TB services is generally a matter of public health law.
Generally, all persons entering AOD treatment programs should receive a TB skin test. Federally funded methadone maintenance treatment programs are required to include a tuberculin skin test as part of each client's initial medical evaluation. AOD programs can make admission and continued enrollment in treatment contingent upon a client's willingness to be tested. This rule is different from that for HIV testing, discussed previously. Programs may not make HIV testing a mandatory requirement for admission to AOD treatment because HIV is not transmitted through casual contact and an HIV-positive client poses no danger to staff or other clients. AOD programs can deny treatment to anyone refusing TB testing because TB can be transmitted through casual contact and a client with active, untreated TB can pose a danger to staff and other clients.
Reporting of active TB is required in all States. State laws govern who must make a report. Generally, AOD programs that refer clients to outside healthcare facilities or laboratories for TB testing should make arrangements to ensure that those outside entities make the required reports.
AOD programs that provide TB testing services onsite must report active TB cases to the local and/or State health department, depending on State law. State reporting laws generally require that the client's name be disclosed. However, AOD abuse treatment programs making such reports must comply with Federal confidentiality regulations. Programs cannot simply send a list of names of active TB clients to the health department on program letterhead. There are a number of ways programs can report TB results to a health department without violating the Federal confidentiality regulations:
Client consent. The easiest way to comply with Federal regulations is to have all clients sign a consent form at the time they are tested for TB, permitting the reporting of positive test results to the health department.
Nonidentifying reporting. Programs that are part of a larger healthcare facility such as a general hospital can make the reports in the name of the larger entity without linking the client's name with AOD abuse treatment.
Qualified service organization agreement. A program can enter into a QSOA with a laboratory or healthcare facility that conducts TB testing or other services for the program. The treatment program can then give the names of the clients with positive TB test results to the laboratory or healthcare facility, which can then report those names to the health department. In making the report, the laboratory or healthcare provider would not disclose that the clients were in AOD treatment.
Court order. In the unlikely event that the client refuses to consent and no other arrangements can be made to make a report to the health department, the program could apply for a court order to authorize it to disclose the client's name when it makes the report.
AOD abuse treatment programs have the option of providing TB treatment services themselves or making arrangements with healthcare providers to treat the clients. Programs may find that simply handing clients a card with the name and address of the healthcare provider offering TB services is not enough. It is wiser for programs to act as case managers for clients in need of TB services, arranging appointments and communicating with the healthcare provider to ensure that clients receive or continue to receive the services they need. To communicate with a healthcare provider about the TB services a client needs, the program will need the client's written consent authorizing ongoing communications between the AOD treatment program and the healthcare provider.
AOD treatment programs should maintain communication with the healthcare providers serving their clients because it is important for programs to know whether clients having active TB or receiving prophylaxis for latent MDR-TB are following through with treatment. Those who do not follow through can pose a hazard for staff and other clients; they should be barred from entering the treatment program if it is suspected that they are contagious.
If a client with active TB or MDR-TB refuses to take his or her medication or stops taking it, the AOD program has a legal duty to report this behavior to the health department or another party as governed by State law. Programs should educate themselves about the legal requirements in their State. If the AOD program has referred the client to an outside provider, the outside provider will make the required report. If the AOD program is providing TB treatment services itself, it must make the report. Reports of noncompliance with TB treatment must follow Federal confidentiality regulations. The most efficient way to comply is with the client's consent. The most sensible time to obtain that consent is when the client begins TB treatment. The consent form should permit communication with the health department for as long as the course of treatment is expected to take place.
TB, unlike HIV, is contagious through casual contact. Responsibility for warning those at risk because of a client's active TB (for example, family members, significant others, or roommates) generally lies with the State or local health department. A major reason
active TB cases are reported to the health department is to facilitate contact tracing. AOD abuse treatment staff should educate themselves with the contact-tracing services of the local or State health department.
Site Map
Help
Account
Cart
Home
