The Colorado Court of Appeals issued its opinion in Adolescent and Family Institute of Colorado, Inc. v. Colorado Department of Human Services, Division of Behavioral Health on Thursday, March 28, 2013.
Declaratory Judgment—Confidential Patient Information in Drug Alcohol Coordinated Data System.
Plaintiff, Adolescent and Family Institute of Colorado, Inc., appealed from the district court’s declaratory judgment in favor of defendant, Colorado Department of Human Services, Division of Behavioral Health, Alcohol and Drug Abuse Division (ADAD). The judgment was affirmed.
The Colorado Department of Human Services is responsible for the administration of human services programs in the state, including drug and alcohol abuse treatment programs. ADAD is responsible for formulating and administering a comprehensive state plan for alcohol and drug abuse programs. To do so, defendant is authorized to “establish standards for approved treatment facilities that receive public funds or that dispense controlled substances or both.” Such a facility must be licensed by defendant to operate in Colorado.
Plaintiff is a private, for-profit facility that provides treatment for patients with substance abuse and mental health disorders. Plaintiff does not dispense controlled substances and the record did not disclose that it received public funds. Nonetheless, it had been licensed by defendant since 1984 and sought to maintain that status.
All licensees are responsible for accurate and timely submission of required data to defendant, including Drug Alcohol Coordinated Data System (DACODS) client treatment admission and discharge records. The DACODS form contains a patient’s first and last name, date of birth, social security number, zip code, and other demographic information.
Defendant did not require private treatment facilities to comply with the DACODS submission requirement until 2005. Plaintiff sought a waiver of the requirement to ensure it did not violate state and federal laws protecting the confidentiality of patient records. The request was denied, and defendant initiated administrative license revocation proceedings, which were dismissed with prejudice. Plaintiff then initiated proceedings in district court, seeking a declaratory judgment to determine whether the DACODS submission requirement was preempted by state and federal laws because the regulation and laws conflicted. The trial court ruled that the submission requirement was not preempted because it was not covered by the statutory psychotherapist–patient privilege and fell within certain statutory exceptions to the general prohibition against disclosures. Plaintiff asked the court to stay any licensure action by defendant against it pending appeal; the stay was granted.
Plaintiff first argued it was error to find that the DACODS submission requirement does not violate CRS § 13-90-107(1)(g). The Court of Appeals disagreed. The plain language of the statute refers to a “witness” and is located in Title 13, “Courts and Court Procedure.” The section protects people listed from being questioned in a manner that will result in their disclosures being used at any stage in litigation. It is a “testimonial” privilege. It therefore does not apply to the DACODS submission requirement.
Plaintiff then argued it was error to conclude that the DACODS submission requirement does not violate 42 USC § 290dd-2 and its implementing regulations. The trial court had ruled that defendant could require that plaintiff submit the information on the DACODS forms, but because defendant did not have a data retention and destruction policy, defendant could not enforce the requirement until such a policy had been enacted. The Court found no error.
The district court found that the federal statute did not apply because defendant is the “administrative agency that has direct control” over plaintiff and therefore is exempt under the terms of the statute. The Court found no case law or definition of what “direct administrative control” means in this context. However, it found persuasive the definition used by the Social Security Administration (SSA) to determine whether an institution is public or private for SSA purposes. Using that as guidance, the Court held the district court erred in finding that defendant had direct administrative control over plaintiff.
The Court then examined whether defendant’s collection activities fell within the audit or evaluation exception. It found that although the DACODS information may be used in the aggregate for multiple submissions required to be made under the statute, each such submission was a separate audit or evaluation within the exception, and therefore it did not apply.
The Court turned to whether defendant’s collection of DACODS information complied with the statutory requirements regarding how confidential information must be collected, stored, and destroyed. Defendant had no such policy. The Court agreed with plaintiff that in the absence of such a policy, gathering the DACODS information is a violation of 42 CFR Part 2.
Finally, the Court concluded that the district court erred by issuing the stay order because there had been no exhaustion of administrative remedies and the order was overbroad in staying the agency from taking any action against plaintiff. However, in vacating the post-judgment stay and affirming the declaratory judgment, the Court noted that defendant cannot require DACODS submission compliance until it has a data retention and destruction policy.
Summary and full case available here.