Home      Login

Abstract: 

State and federal laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), impose restrictions on how protected health information (PHI) can be used and shared with third parties. Prison operators and companies that assist in various aspects of a prison’s operations must ensure that they comply with these laws if they acquire, store, use, or disclose inmates’ PHI. In 2009, Congress passed the American Recovery and Reinvestment Act, which included the Health Information Technology for Economic and Clinical Health Act (HITECH Act), a law that made important changes to HIPAA. Among the more significant ones for companies in the corrections industry was the expansion of portions of HIPAA to impose new legal obligations on third parties that need access to PHI to provide services to entities covered under HIPAA. These may have thought that, because they were not “covered entities” under HIPAA, they had no direct legal obligation to comply with HIPAA. The HITECH Act, as well as pending federal regulations, may change that analysis. Shannon Hartsfield Salimone is the regulatory and litigation leader of Holland & Knight’s Healthcare & Life Sciences Team.

Keywords: Covered entitites; Business Associates; HIPAA Privacy Rule

Affiliations:  1: Holland & Knight .