This resource explains the laws surrounding the exchange of personal health information between criminal justice and mental health agencies. The authors explain HIPAA's basic provisions and exceptions and how it applies in the context of justice-health collaborations. They also identify trends and variations in state laws and emphasize the importance of consulting state law, as state laws govern when they are more stringent than the federal laws.
This resource lays out the legal framework that impacts information sharing between mental health and criminal justice agencies. Part 1 includes a "Practitioner Analysis" that answers common questions about information sharing under HIPAA, 42 CFR Part 2, and various state laws relevant to behavioral health providers, law enforcement, courts, jails and prisons, community corrections, and any "business associate" or "qualifed service organization" that may need access to personal health information. Part 1 also includes an explanation of an individual's right to access his or her medical records under HIPAA and 42 CFR Part 2. Part 2 of this resource provides a framework for working with various privacy laws, including a review of the penalties for breaching these laws, suggestions of tools that facilitate information sharing, and a glossary of important terms.