Behavioral health providers were excluded from the 2009 HITECH Act, which contributed to significant disparities in electronic health records (EHR) adoption between behavioral and physical health providers. According to a recent federal estimate, only 49% of psychiatric hospitals have certified EHRs vs. 96% of general and surgical hospitals.

The Behavioral Health Information Technology (BHIT) Coordination Act, which would add $20 million in annual grant funding through the Office of the National Coordinator for Health Information Technology for behavioral health EHR adoption, could help remedy this disparity. However, concerns related to patient privacy and the stigma of mental health and substance misuse disorders raises important questions about whether and when full interoperability between behavioral and physical health providers will become a reality.

We spoke with Alisa L. Chester, attorney and Data Protection, Privacy and Cybersecurity Team Chair at Baker Donelson Health Law, about the implications of the lack of investment in robust EHRs for behavioral health providers, as well as the regulatory compliance and societal hurdles that must be overcome to bring these two fields of health care closer together.

Why was behavioral health excluded from the HITECH Act, and what has the impact of this been?

Chestler: I think there were a variety of issues. No. 1 being money. The incentives offered to healthcare systems to adopt EHR were expensive for the government and they did not cover even a small amount of what was required. There are also tighter margins in behavioral health and a lot of the concerns related to behavioral health and privacy. All these things factored into the government excluding behavioral health.

Because there were no incentives and because the focus of the EHR companies was on physical health modules that were going to bring in money, the investments of time and money were put into those specialties. Without incentives, it is more difficult for a company to get a behavioral health provider to adopt their EHR.

What are the barriers that keep behavioral health and physical health care separate?

Chestler: First, there continues to be stigma around behavioral health services, so you have this barrier, especially in smaller communities, where patients may not want their community of providers to know about their mental health issues. While we know that physical health and mental health truly do go together, this is not fully embraced or comprehended by the public. So, there is still resistance to having physical health and mental health teams coordinate.

Another barrier is that mental health disorders often come with a secondary diagnosis of substance abuse. When you have substance abuse concerns, the provider and the EHR developers need to consider not only the HIPAA privacy rule but what we call “Part 2 issues.” Federal substance abuse laws (42 CFR Part 2) have additional restrictions related to data access that complicates the design of EHRs and the ability of behavioral health providers to share information.

There is a drive to align Part 2 with HIPAA and to advance the understanding that there shouldn’t be a stigma attached to these health concerns and that there needs to be more sharing of this information. But right now, it is difficult to have interoperable information sharing that complies with both HIPAA and the Part 2 rules, and that also has slowed down the ability of mental health providers to adopt more robust EHRs.

What are the pros and cons of keeping mental health or substance abuse treatment records separate from the physical health records?

Chestler: One thing that a lot of people do not fully understand is that if your insurance is provided through your employer, that employer does technically have access to certain information in your health record. No. 2, as it relates to information sharing, the main reason the Part 2 rules were enacted in the 1970s was a concern not just about the stigma of seeking substance abuse treatment, but the concern that it would prevent people from seeking treatment because they knew this information would be shared.

Although it has not passed, did the introduction of BHIT encourage EHR companies to develop modules for behavioral health?

Chestler: First, a lot of mental health providers do have EHR/EMR systems, but they are not necessarily HITECH certified. Some of the very large EHR companies do have behavioral health modules, including ones for substance abuse issues. With BHIT in the legislature and the renewed focus on the lack of behavioral health-focused modules, I believe more EHR vendors are anticipating a shift toward bringing behavioral health and physical health together, and want to be the first ones there.

I do want to point out that there are important privacy concerns beyond substance abuse. For example, if a person develops a behavioral health issue as a result of some kind of trauma, the gritty details of that trauma are often recorded in the patient’s record. This can be very sensitive information. I do think behavioral health providers, as they are documenting, are cognizant of that. But there needs to be more discourse about this as we can continue to see so many breaches.

While I am an advocate for this legislation (BHIT Act) because I think it does help the whole person, I also know that it should not be undertaken lightly and or too quickly in a world where cybersecurity events are occurring on a very regular basis.