Sharing Behavioral Health Information Amid the Opioid Crisis

Health Highlights

Editor’s Note: Manatt Health and the eHealth Initiative Foundation (eHI) recently co-hosted an executive roundtable on the role of health information technology in protecting and sharing behavioral health data during the opioid crisis. Thought leaders from across the industry and government explored the policies and technologies affecting the use of behavioral health information in patient care, examined privacy and security issues in the context of the opioid epidemic, and identified potential paths forward for advancing the integrated care models that are key to effective treatment. Manatt and eHI have partnered to create an issue brief, summarized below, capturing key highlights from the discussion. To download a free copy of the full issue brief, click here.


The Prescription Problem—and Potential Solutions

In the late 1990s, healthcare providers began prescribing opioids at greater rates to treat chronic pain. By 2015, the number of opioids prescribed was enough to have every American medicated around the clock for three weeks. By 2017, misuse of opioids officially reached epidemic levels, and a public health emergency was declared.

Opioids continue to be prescribed too frequently, for too long a time and in doses that are too high. In 2016, 40% of drug overdose and opioid-involved deaths were attributed to prescribed opioids. Overdose deaths have climbed among both men and women of all ages, races and class stratifications.  

Surescripts, the nation’s largest health information network (HIN), reports that 13% of all prescriptions filled in the United States are for controlled substances. Prior to 2010, federal law prohibited e-prescribing for controlled substances, and many states required special prescription pads and record keeping. In 2010, however, the Drug Enforcement Agency (DEA) revised regulations to allow electronic prescriptions for controlled substances. By 2015, all states had adopted this practice. More than 90% of pharmacies are now enabled for Electronic Prescribing of Controlled Substances (EPCS). However, fewer than 25% of prescribers are EPCS-enabled.

EPCS allows for the security of electronic records, a reduction in fraud and abuse, and an improvement in patient safety and care. It positions pharmacies and providers to better share patient information by tracking the frequency, length of time and dosages of patients using opioids.

The Regulation Problem

The opioid regulation problem is vast and complex. The National Institutes of Health (NIH), the DEA, the National Institute of Standards and Technology (NIST), the Centers for Disease Control and Prevention (CDC), the Centers for Medicare & Medicaid Services (CMS), the Substance Abuse and Mental Health Services Administration (SAMHSA), the Food and Drug Administration (FDA) and the Office of the National Coordinator for Health Information Technology (ONC) are all involved in creating policies and guidance on controlled substances and the privacy and security of those with substance use disorder (SUD).

State laws and regulations are compounded by federal laws, regulations, proposed rules, public notices, executive orders and proclamations. Sharing information across states lines creates additional complexities, with some states requiring more stringent standards of information sharing than others.

Provider uncertainty and apprehension around regulations do not bolster the integrated care models that are critical to achieving optimal outcomes for patients. Despite attempts by several federal agencies to clarify regulations, providers remain understandably confused. Misinterpretation of regulations between entities and individuals continues to hinder behavioral health information sharing.   

Industry Perspectives

During the roundtable, a program director at CRISP, a regional health information exchange (HIE) serving Maryland, shared the issues that HIEs face when trying to engage behavioral health organizations. HIEs have specific challenges around CFR Part 2, which requires patient consent for most disclosures of information about substance use treatment. CRISP’s Encounter Notification Service (ENS) would enable behavioral health organizations to know whether their patients were using facilities connected to the CRISP network, but Part 2 makes it difficult to decide who can receive data. Navigating the legality of receiving patient lists—a requirement for using HIE services—is even more challenging.

A manager of pharmacy technical standards development and policy at Walgreens spoke to the challenges of prescription drug monitoring programs (PDMPs)—electronic databases that track controlled substance prescriptions in each state. The manager shared that more actionable, “real-time” PDMP data would be helpful in clinical decision making. Both providers and pharmacies contribute to state systems—but reporting remains difficult, because there is no standardization in the way PDMP information is entered or viewed across states.

The chief information security officer vice president at OhioHealth is working on the technology aspect of an initiative to combat stigma related to behavioral health. OhioHealth’s tool helps primary care providers identify those at risk for SUD, and the organization has implemented data-sharing strategies within its network to remain compliant with applicable laws and regulations.

Federal and Legislative Perspectives

SAMHSA has a five-point strategy to combat the opioid crisis. Its focus is on improving addiction prevention, treatment and recovery services; data; pain management; targeting of overdose-reversing drugs; and research.

On the legislative side, West Virginia Senators Shelley Moore Capito and Joe Manchin, along with Michigan Representatives Tim Walberg and John Ingell, have introduced Jessie’s Law—legislation related to Jessica Grubb. Although Jessica disclosed that she was a recovering addict during a hospitalization, she was discharged with a prescription for 50 oxycodone and suffered a fatal overdose one day after leaving the hospital.

Multiple versions of Jessie’s Law were introduced in the House and Senate during the 114th and 115th Congresses. An amended version, S. 581, passed the Senate on August 3, 2017, and was reintroduced in the House as HR 2009, advancing to the full House Energy and Commerce Committee on April 25, 2018. At the same time, S. 2680: Opioid Crisis Response Act of 2018 (OCRA) was also under consideration. The result of seven bipartisan hearings on the opioid epidemic, OCRA included several provisions related to Jessie’s Law and Part 2.

An important caveat is that well-meaning legislation can sometimes cause new barriers to care and unforeseen problems. For example, Americans dealing with serious chronic illnesses could find it difficult to access the high-dose opioids they legitimately need. Lawmakers need to be mindful of unintended consequences.

Moving Forward: Potential Solutions

Roundtable participants shared their thoughts on practical steps for moving forward—and positioning the industry, lawmakers and other stakeholders to better manage behavioral health. Their suggestions include:

  • Standardization for systems, workflows, PDMP data, data that conveys a patient’s substance use status, and enforcement histories for federal and state law. Standardization will make sharing behavioral health data easier, simplify managing systems of combined data, address issues around information blocking and the number of National Provider Identifier (NPI) numbers assigned to different portions of the same entity, and mitigate the challenges of limited interoperability between electronic health records systems. It also will allow the government to demonstrate a standard enforcement history.  
  • Updated and nimble laws that are flexible enough to keep pace with the changing healthcare industry and technologies, and that attempt to protect patients from discrimination and unintended consequences. Lawmakers must be vigilant in keeping up with the rapidity of technological advances and the growth of the healthcare industry.
  • Transparency and better processes for communication, allowing patients to understand their rights around privacy and consent for data sharing. As one roundtable participant pointed out, the manner in which privacy and consent are addressed is important. Informing patients that their health data will help both the opioid epidemic and their care plan will yield a better result than asking for consent without providing adequate context.


pursuant to New York DR 2-101(f)

© 2024 Manatt, Phelps & Phillips, LLP.

All rights reserved