This course is no longer open for new enrollments on CCAPPCE.com. The course is available on our new Continuing Education platform: Counselor CE Hub.

If you are currently enrolled in this course you can access it until June 2027.

This course comes from our partners at NBHAP.

A frequent question for behavioral healthcare providers is “who owns our patients’ data?” The patient? You, the treatment provider? Or your EHR provider? This question inevitably leads to a second: “how can it be used?”

The answers to both questions are nuanced. There is a great deal of confusion regarding the topic, which is understandable given the ever-evolving landscape of data privacy law and its intersection with the healthcare industry. Most behavioral healthcare providers are aware of the applicability of HIPAA and the additional burden of SAMHSA’s “Part 2” to the medical records of their patients, and therefore look to these laws to determine ownership rights and how patient data can be used.

However, neither HIPAA nor Part 2 specifies who has ownership over medical records and the data in them. State law is often not much help either. Further complicating the matter, debate has arisen in the behavioral healthcare industry as to the role of de-identified data, including whether its sale is legal and, if so, whether it is ethical.

This webinar delves into these issues and discusses the recent trend of selling de-identified data in the behavioral healthcare industry, as well as claims to ownership of sets of de-identified data in the contracts of both providers and electronic health records companies.

We discuss whether the sale of such data was contemplated by HIPAA and Part 2, and also whether there is any current state law or legislation on the horizon which could impact behavioral healthcare providers in this area. We discuss the recently enacted California Consumer Privacy Act as well as the European Union’s Data Protection Regulation, and the general trend towards increased protection of all private individual information. Lastly, we discuss the practical implications of all of the above, and the best ways behavioral healthcare providers can navigate the murky waters of patient data protection in a manner that is both legal and ethical.

  • Enrollment in this course closed on January 7, 2026.