Local jails, state corrections departments, and community corrections agencies typically employ distinct assessment procedures and often maintain independent information systems, impeding the transfer of information from one agency to another. At the same time, different organizational cultures, confidentiality concerns, and incompatible data systems also limit the ability of corrections employees and community-based service providers to draw on each other’s information when conducting assessments or making a individual’s re-entry plan.
While cultural, legal, and technological barriers to sharing information within the criminal justice system—and with outside service providers—are real, these barriers are not insurmountable. Often, confidentiality laws such as the Health Insurance Portability and Accountability Act of 1994 (HIPAA) are seen as barring all information-sharing, collaboration, and service coordination among criminal justice personnel and service providers. While HIPAA requires medical personnel to maintain the confidentiality of protected health information through a number of safeguards, it also contains important exceptions. For example, HIPAA does not require corrections departments to obtain an authorization to request protected health information about an individual who is incarcerated from a service provider if the purpose of the disclosure is to protect “the health and safety of inmates or employees in a correctional institution.”¹
To address confidentiality concerns and facilitate information-sharing, corrections departments often use multi-party consent to release forms, which enable individuals to provide their consent for corrections personnel to obtain information about the individual from multiple sources, such as medical and treatment providers. Memoranda of Understanding (MOUs) can also be used for this purpose. MOUs typically describe the relationship among collaborating agencies, including what types of information each agency will share, for what purpose, and under what parameters of appropriate use. Finally, community-based service providers who have direct access to health records can conduct assessments and provide services in corrections settings, as well as continuing to serve people upon their return to the community.
To address technological barriers to sharing information among corrections and with community-based service providers, corrections agencies employ a number of strategies, some being more resource-intensive than others. Less resource intensive strategies include using phone, fax, and email to share records and assessment information. More resource intensive options include integrating multiple information systems, or using a Web-based shared medical or case management record that is hosted by a third-party’s internet server. These options can be time-consuming, but are not required for successful collaboration; often picking up the phone and calling a colleague in another institution or agency can provide sufficient information to improve re-entry planning for people released from prisons and jails.
¹ U.S. Department of Health and Human Services, Office of Civil Rights, Summary of the HIPAA Privacy Rule, (Washington, D.C.: 2003), retrieved at http://www.hhs.gov/ocr/privacysummary.pdf. For more information on information-sharing and HIPAA, see the National GAINS Center report, Dispelling Myths About Information Sharing Between Mental Health and Criminal Justice Systems, at http://www.gainscenter.samhsa.gov/pdfs/integrating/Dispelling_Myths.pdf.