Purpose

To explain when patient health information (PHI) may be exchanged without a signed authorization under federal (HIPAA) and Oklahoma (Title 43A) law, and how Substance Use Disorder (SUD) information is handled differently under 42 CFR Part 2.

Because Tulsa Family Psychiatry & Wellness (TFPW) provides psychiatric and behavioral-health services, most record exchanges are governed by Title 43A §1-109, not the general medical-records statute (76 O.S. §19).

Federal Law – HIPAA Privacy Rule

• Under 45 CFR §164.506, providers may disclose PHI to another healthcare provider for treatment, payment, or healthcare operations without authorization.

• “Treatment” is defined in 45 CFR §164.501 as the coordination or management of care between providers.

• Example: TFPW may share medication lists or clinical summaries with another treating provider to coordinate care.

References:

• 45 CFR 164.506

• 45 CFR 164.501

Oklahoma Law – Title 43A §43A-1-109

State law allows disclosure of mental-health information between licensed providers for treatment purposes without patient authorization, provided only the minimum necessary information is shared.

Important: This exception does not apply to substance-abuse or SUD records.

Reference:

5. An authorization shall not be required for the following uses and disclosures, but information disclosed pursuant to one of these exceptions must be limited to the minimum amount of information necessary:

1. Disclosure by a health care provider of mental health information necessary to carry out another provider’s own treatment, payment, or health care operations. Such disclosures shall be limited to mental health information and shall not include substance abuse information; 43A OK Stat § 43A-1-109 (2014)

42 CFR Part 2 – Substance Use Disorder (SUD) Records

• Applies to any provider or program that diagnoses, treats, or refers for SUD.

• Written patient consent is required before disclosing or requesting SUD records, even for treatment purposes.

• Records from a Part 2 program remain protected after receipt.

• Consent forms must clearly state they authorize disclosure under 42 CFR Part 2.

References:

• 42 CFR Part 2, Subpart C

• HHS/SAMHSA Final Rule – 2020 Modifications

Comparison Summary

Practical Examples

Frequently Asked Questions (FAQ)

Q1: Can I send a patient’s psychiatry note to another provider?
✅ Yes, if it’s for treatment.
Under Title 43A §1-109 and HIPAA 45 CFR 164.506, licensed providers may share mental-health information with other treating providers for coordination of care — no authorization required.
However, release only the minimum necessary (e.g., diagnosis, medications, treatment plan) and never include psychotherapy notes.

Q2: What counts as “psychotherapy notes”?
“Psychotherapy notes” are the provider’s personal process notes — reflections, impressions, or details of conversations — that are kept separate from the medical record.
They are not subject to patient access and cannot be disclosed except by the originator’s written authorization.

Q3: Can we fax or portal-share records to another behavioral-health provider?
✅ Yes, if the exchange is for treatment.
Always confirm the recipient’s identity and use secure, encrypted methods (e.g., HIPAA-compliant fax, secure email, or EHR portal).
Label any Substance Use Disorder content as “42 CFR Part 2 Protected” if included.

Q4: What if the record mentions substance-use history or treatment?
⚠️ Stop and verify.
If the information identifies the patient as having or receiving treatment for a Substance Use Disorder (SUD), it’s protected under 42 CFR Part 2.
You must have a specific, written Part 2-compliant consent naming the recipient and purpose.
Do not include SUD information in any general ROI release.

Q5: Can a patient’s attorney obtain their records with a signed authorization?
✅ Yes, but only with proper consent.
The authorization must satisfy Title 43A §1-109 requirements, and if SUD information is present, it must also meet 42 CFR Part 2 standards.
A subpoena alone is not sufficient.

Q6: What fees can we charge for psychiatric records?
💡 Cost-based only.
Because TFPW’s records fall under Title 43A, the fee schedule in 76 O.S. §19 (including the $20 retrieval fee) does not apply.
You may charge only for actual costs of copying, supplies, and postage — not search or handling time.

Q7: What should I do if I’m unsure which law applies?
Always err on the side of confidentiality.
If you’re uncertain whether a request falls under HIPAA, Title 43A, or 42 CFR Part 2, pause and escalate to the Privacy Officer before releasing or requesting any information.

✅ Bottom Line

When mental-health or SUD records are involved, assume they are more protected than ordinary medical records.
Share only what’s necessary, document the basis, and when in doubt — ask before you release.

HHS modifies substance use disorder privacy regulations

WASHINGTON CONNECTION – JULY 17, 2020

July 16, 2020:  The Substance Abuse and Mental Health Services Administration, an agency within HHS, released a final rule modifying the 42 CFR Part 2 regulation governing the confidentiality of records for patients with substance use disorder (SUD). While HIPAA permits the sharing of patient data for treatment, payment, and healthcare operations without patient consent, Part 2 creates a separate standard for the sharing of SUD information that requires patient consent. Key modifications include:

• Treatment records created by non-Part 2 providers are explicitly not covered by Part 2, unless any SUD records previously received from a Part 2 program are incorporated into such records;
• SUD patients may consent to disclosure of Part 2 treatment records to a practice without naming an individual (previously, they would have had to identify a specific person in the practice); and
• Non-opioid treatment program and non-central registry treating providers are now eligible to query a central registry in order to determine whether their patients are already receiving opioid treatment.