Deflection
Pre-arrest deflection initiatives are partnerships between public health and public safety to support outreach to individuals who are at risk for overdose and link them to community-based treatment services. Communities implementing deflection initiatives frequently have questions about information sharing. To support communities’ efforts to collect suspected overdose data, the Legislative Analysis and Public Policy Association (LAPPA), in partnership with IIR, developed information sharing fact sheets. These fact sheets provide communities with an understanding of what agencies legally can and cannot share regarding federal law (such as 42 Code of Federal Regulations and the Health Insurance Portability and Accountability Act [HIPAA]).
Should a post-overdose response team have a memorandum of understanding (MOU) in place that details how information can and cannot be used by law enforcement?
Yes, all potential partners within a deflection initiative should be governed by an interagency, data sharing MOU. An MOU sets out the rights and responsibilities of each partner, as well as the specific ways in which information obtained by any partner can and cannot be used.
Additional information, discussion, and references are available here.
Can a post-overdose response/outreach deflection program obtain protected health information (PHI) from an emergency medical services (EMS) agency about an individual who suffered a nonfatal overdose without violating the Health Insurance Portability and Accountability Act (HIPAA)?
Yes, but only if specific conditions are met. Medical records containing PHI are safeguarded by HIPAA. Accordingly, a post-overdose response/outreach team, or any type of deflection program seeking PHI from a HIPAA-covered entity, must rely on one of three options.
Additional information, discussion, and references are available here.
Can a deflection team follow up with an individual who did not accept services if the individual did not sign a release form at the time of the initial contact?
Yes. The Health Insurance Portability and Accountability Act (HIPAA) and 42 Code of Federal Regulations (CFR) Part 2 only apply to the disclosure and redisclosure of either protected health information (PHI) under HIPAA or substance use disorder treatment records under 42 CFR Part 2. This question assumes that the deflection team is already in possession of the individual’s name and contact information prior to the follow-up outreach to the individual.
Additional information, discussion, and references are available here.
Can the clinician conduct a substance use disorder (SUD) screening in front of a law enforcement officer partner?
No, clinicians cannot conduct an SUD screening or assessment in the presence of law enforcement or anyone else, including family members, without the individual’s consent.
Additional information, discussion, and references are available here.
Can a deflection team member, such as a peer recovery specialist or a clinician, share health- or treatment-related information learned from the client with other members of the deflection team?
If the peer recovery specialist or clinician is employed by a health care or treatment provider, or otherwise qualifies as a Health Insurance Portability and Accountability Act (HIPAA)-covered entity, they may only share client-specific information with the remainder of the deflection team if the client has signed a HIPAA-compliant authorization form or a 42 Code of Federal Regulations (CFR) Part 2-compliant consent form.
Additional information, discussion, and references are available here.
Can a deflection initiative retain health information it possesses about individuals whom deflection teams cannot locate or who decline services in order to track the outcomes of those individuals?
This depends on the source of the information and whether the deflection initiative is a covered or non-covered Health Insurance Portability and Accountability Act (HIPAA) entity. See the document for a full discussion.
Additional information, discussion, and references are available here.
Does a deflection initiative’s database need to be compliant with the Health Insurance Portability and Accountability Act (HIPAA) and 42 Code of Federal Regulations (CFR) Part 2?
It is a best practice for all types of deflection initiatives to maintain participating individuals’ information in a database that is compliant with both HIPAA and 42 CFR Part 2. See the document for a full discussion.
Additional information, discussion, and references are available here.
