NCJ Number
209376
Journal
American Jails Volume: 18 Issue: 6 Dated: January/February 2005 Pages: 22-24
Date Published
January 2005
Length
3 pages
Annotation
This article discusses the implications for jail operations of the provisions of the Federal Health Insurance Portability and Accountability Act (HIPAA), which pertains to the privacy of medical records.
Abstract
Generally, HIPAA requires certain health care providers, which may include jails, to develop and implement policies that minimize the use and disclosure of any health information that could identify an individual. The regulations protect information stored on computers, housed in filing cabinets, or communicated in personal conversations. HIPAA also requires certain health care providers to adopt clear privacy procedures, train employees in privacy procedures, designate an individual to be responsible for ensuring that the privacy procedures are adopted and followed, and secure patient records that contain individually identifiable health information. A 2002 rewriting of the HIPAA regulations explicitly protects the health information of inmates if the custodial facility is both a health provider and transmits certain health information electronically. Because the HIPAA regulations are complex, jails should first consult legal counsel to determine how HIPAA requirements apply to a specific facility. Second, the jail should analyze its health care operations to determine if it or its health care provider transmits protected health information electronically. Third, the jail should assess how it obtains an inmate's protected health information, how it uses that information, and what categories of employees have access to such information. Fourth, the jail must perform a gap analysis and evaluate whether current actions and documentation are consistent with HIPAA requirements.