In the early 1970's, the U.S. Congress, recognizing that the stigma associated with substance abuse and the fear of prosecution deterred people from entering treatment, enacted legislation that gave patients a right to confidentiality. Since the Federal confidentiality regulations of 42 CFR Part 2 (Part 2) were issued, confidentiality has been a key component of substance abuse treatment programs across the country. In December 2000, HHS issued the Privacy Rule. Substance abuse treatment programs that already are complying with Part 2 should not have significant problems in complying with the Privacy Rule, since it parallels the requirements of Part 2 in many areas. Programs subject to both sets of rules must comply with both, unless there is a conflict between them. Generally, this will mean that substance abuse treatment programs should continue to follow the Part 2 regulations. In some instances, programs will have to establish new policies and procedures or alter existing policies and practices. This document is for substance abuse treatment programs that are subject to and already complying with Part 2. It explains which programs must also comply with the Privacy Rule and indicates what compliance will require. As a general rule, programs must not disclose information unless they can obtain consent from the patient or point to an exception to confidentiality mandates that specifically permit disclosure. The disclosure must be permissible under both Part 2 and the Privacy Rule. The provisions of Part 2 and the Privacy Rule are included. 5 references