Call American Addiction Centers for help today.

(888) 287-0471
Close Main Menu
Main Menu
  • Find a Rehab Center
  • AAC Facilities
  • Find Treatment
  • Paying for Treatment
  • Substance Abuse
  • About AAC
    Back to Main Menu
    Main Menu
Medically Reviewed Badge
Medically Reviewed

Understanding Confidentiality & Privacy Guidelines

Questions about treatment?
  • Access to licensed treatment centers
  • Information on treatment plans
  • Financial assistance options

If you are ready to enter drug rehab and are worried about how your privacy might be affected, it may be comforting to know that there are laws and regulations in place to protect you. And know that before you enter any treatment center, you can call it directly and ask about its privacy policies. You should always feel empowered to make a decision about whether or not you feel comfortable with how a given program handles patient information before entering it.


The Federal government created confidentiality laws to protect your information under the Health Insurance Portability and Accountability Act (HIPAA) of 1996, which all federally assisted drug and alcohol treatment centers must follow. They cannot release patient information unless you give consent or it is authorized under qualifying regulations. Treatment centers that violate these regulations may face a fine of as much as $500 for the first offense and as much as $5,000 for additional offenses. Licensed or State-certified employees (this includes nearly all programs and their employees) run the risk of losing their license or certification if they violate these privacy laws. Further, as a patient, you can sue anyone who discloses your information without your consent.1

The more confident people are that the details of their treatment or diagnosis will not be shared to others without their consent, the more likely they may be to enter (and successfully complete) treatment. This is the guiding principle that led to the establishment of these confidentiality laws in the first place.

After a person completes their intake interviews, they should receive a copy of the facility’s confidentiality and privacy guidelines, which outline their rights as a patient. In almost all cases, rehab center employees must also sign these confidentiality agreements.1

Learn More About Insurance for Rehab

Which US law protects the privacy of a person’s medical health records?shutterstock_566003920

In the United States, your medical records are protected through these laws:2-4

  • The Health Insurance and Portability and Accountability Act of 1996 (HIPAA): HIPAA protects all identifying information about a person who has applied for, been given a diagnosis of, or received treatment for alcohol or drug abuse at a federally assisted program. Programs cannot legally disclose any information about a patient unless they have given written consent, or unless their case qualifies for another exception that is specified in the HIPPA policy. If medical information is disclosed, it must only be the bare minimum required to carry out the purpose of the disclosure. The same regulations apply to minors who must give written consent before a program will release information to their parent or guardian.
  • The Confidentiality of Alcohol and Drug Abuse Patient Records (42 CFR Part 2) issued in 1975 and revised in 1987: This regulation specifies that substance abuse treatment programs are not allowed to share any patient information that would directly or indirectly identify someone having previous or current alcohol or drug abuse problems, unless the patient gives written consent. A few exceptions to the law’s requirement of written consent exist, including court-ordered criminal investigation against patients, suspected child abuse or neglect, medical emergencies, scientific research, and audit or program evaluation.

HIPAA was designed to give patients more control over their health information and privacy whenever they seek medical care. It sets boundaries on the use and release of medical records and gives patients the right to obtain copies of their own health information.5

Under HIPAA, hospitals, rehab centers, and similar organizations must:5

  • Use safeguards that protect their clients’ information.
  • Use procedures that keep the number of people who are aware of confidential information to a minimum.
  • Train employees about the best ways to maintain confidentiality.
  • Post guidelines about their privacy practices and provide copies for clients.

Under What Circumstances Could Information Protected by HIPAA be Disclosed?

Part 2 of HIPAA protects all information that could be used to identity a person, and it permits a patient to revoke their consent orally if they want to. Substance abuse programs must honor any verbal revocation.

According to Part 2 of HIPAA and the Privacy Rule, people within the same treatment program or hospital can communicate patient health information (PHI) on a “need to know” basis. The Privacy Rule requires that programs identify which employees need access to PHI, as well as the appropriate conditions of access to it. After determining which employees have a legitimate need for access, the treatment program must limit access of PHI to these employees only.

There are extenuating circumstances that may arise, which will permit the disclosure of limited patient information, including but not limited to:2

  • Crimes: If a patient commits a crime at the treatment center or against employees of the treatment center, Part 2 permits the release of limited patient information to the police. The information is limited to the patient’s name, address, last known whereabouts, and the circumstances of the incident.
  • Child abuse: Part 2 allows programs to comply with State laws that require reporting on child abuse and neglect. However, programs may only make an initial report; they may not respond to follow-up requests for information unless the patient has given consent to do so.
  • Medical emergencies: Part 2 allows for identifying information to be shared with medical personnel if they need to treat the patient for an immediate medical emergency. The information shared must be limited only to that which is necessary to treat the medical emergency.
  • Court-ordered release: If a patient is subpoenaed and signs a consent permitting the release of the information requested in the subpoena, then the program may release it. They may not release information in this case, however, unless the court issues an order that complies with Part 2.

Patients’ Rights Over Information under HIPAA

HIPAA gives patients a number of rights over their personal information, including:

  • The right to be informed about how their personal information may be shared.
  • The right to withhold permission from their information being used in certain ways.
  • The right to receive a report on why and when health practitioners shared their information.
  • The right to file a complaint if they believe their health information has not been protected.

When you know your rights and that reputable drug rehabs abide by these confidentiality laws, you can be free of the worry about privacy issues and focus on the most important thing: overcoming your addiction.

Learn More About Addiction Treatment

We're here to help you find the treatment you deserve.
Substance Abuse Assessment
How our treatment is different?
American Addiction Centers photo
Scot Thomas
Medical Reviewer
Dr. Thomas received his medical degree from the University of California, San Diego School of Medicine. During his medical studies, Dr. Thomas saw firsthand the multitude of lives impacted by struggles with substance abuse and addiction, motivating him to seek a clinical psychiatry preceptorship at the San Diego VA Hospital’s Inpatient Alcohol and Drug Treatment Program. In his post-graduate clinical work, Dr. Thomas later applied the tenets he learned to help guide his therapeutic approach with many patients in need of substance treatment. In his current capacity as Senior Medical Editor for American Addiction Centers, Dr. Thomas, works to provide accurate, authoritative information to those seeking help for substance abuse and behavioral health issues.
Reach out to us day or night

Our supportive admissions navigators are available 24/7 to assist you or your family.

Call 888-287-0471
There was an error fetching your data