Home      Login

Inmates and Health Privacy: What the Corrections Industry Needs to Know About HIPAA  

Author:  Shannon Hartsfield  Salimone.

Source: Volume 13, Number 04, May/June 2012 , pp.49-54(6)

Correctional Health Care Report

next article > |return to table of contents


State and federal laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA), impose restrictions on how protected health information (PHI) can be used and shared with third parties. Prison operators and companies that assist in various aspects of a prison’s operations must ensure that they comply with these laws if they acquire, store, use, or disclose inmates’ PHI. In 2009, Congress passed the American Recovery and Reinvestment Act, which included the Health Information Technology for Economic and Clinical Health Act (HITECH Act), a law that made important changes to HIPAA. Among the more significant ones for companies in the corrections industry was the expansion of portions of HIPAA to impose new legal obligations on third parties that need access to PHI to provide services to entities covered under HIPAA. These may have thought that, because they were not “covered entities” under HIPAA, they had no direct legal obligation to comply with HIPAA. The HITECH Act, as well as pending federal regulations, may change that analysis. Shannon Hartsfield Salimone is the regulatory and litigation leader of Holland & Knight’s Healthcare & Life Sciences Team.

Keywords: Covered entitites; Business Associates; HIPAA Privacy Rule

Affiliations:  1: Holland & Knight .

Subscribers click here to open full text in PDF.
Non-subscribers click here to purchase this article. $25

next article > |return to table of contents