Statutes, codes, and regulations
Code of Federal Regulations
Title 42 - PUBLIC HEALTHChapter I - PUBLIC HEALTH SERVICE, DEPARTMENT OF HEALTH AND HUMAN SERVICESSubchapter A - GENERAL PROVISIONSPart 2 - CONFIDENTIALITY OF SUBSTANCE USE DISORDER PATIENT RECORDS
Subpart A - INTRODUCTION
Section 2.3 - [Effective 4/16/2024] Civil and criminal penalties for violations

42 C.F.R. § 2.3

Download
PDF
Current through March 31, 2024
Section 2.3 - [Effective 4/16/2024] Civil and criminal penalties for violations
(a)Penalties. Any person who violates any provision of 42 U.S.C. 290dd-2(a)-(d) , shall be subject to the applicable penalties under sections 1176 and 1177 of the Social Security Act, 42 U.S.C. 1320d-5 and 1320d-6 .
(b)Limitation on criminal or civil liability. A person who is acting on behalf of an investigative agency having jurisdiction over the activities of a part 2 program or other person holding records under this part (or employees or agents of that part 2 program or person holding the records) shall not incur civil or criminal liability under 42 U.S.C. 290dd-2(f) for use or disclosure of such records inconsistent with this part that occurs while acting within the scope of their employment in the course of investigating or prosecuting a part 2 program or person holding the record, if the person or investigative agency demonstrates that the following conditions are met:
(1) Before presenting a request, subpoena, or other demand for records, or placing an undercover agent or informant in a health care practice or provider, as applicable, such person acted with reasonable diligence to determine whether the regulations in this part apply to the records, part 2 program, or other person holding records under this part. Reasonable diligence means taking all of the following actions where it is reasonable to believe that the practice or provider provides substance use disorder diagnostic, treatment, or referral for treatment services:
(i) Searching for the practice or provider among the substance use disorder treatment facilities in the online treatment locator maintained by the Substance Abuse and Mental Health Services Administration.
(ii) Searching in a similar state database of treatment facilities where available.
(iii) Checking a provider's publicly available website, where available, or its physical location to determine whether in fact such services are provided.
(iv) Viewing the provider's Patient Notice or the Health Insurance Portability and Accountability Act (HIPAA) Notice of Privacy Practices (NPP) if it is available online or at the physical location.
(v) Taking all these actions within a reasonable period of time (no more than 60 days) before requesting records from, or placing an undercover agent or informant in, a health care practice or provider.
(2) The person followed all of the applicable provisions in this part for any use or disclosure of the received records under this part that occurred, or will occur, after the person or investigative agency knew, or by exercising reasonable diligence would have known, that it received records under this part.
(c)Enforcement. The provisions of 45 CFR part 160, subparts C, D, and E, shall apply to noncompliance with this part in the same manner as they apply to covered entities and business associates for noncompliance with 45 CFR parts 160 and 164.

42 C.F.R. §2.3

82 FR 6115, 2/17/2017; 89 FR 12618, 4/16/2024