Paubox blog: HIPAA compliant email made easy

Does HIPAA apply to incarcerated individuals?

Written by Caitlin Anthoney | April 08, 2024

Incarcerated individuals are protected under HIPAA regulations’ Privacy Rule. Therefore, healthcare providers in correctional facilities must adhere to HIPAA guidelines when treating incarcerated individuals. 

According to the National Institute of Corrections, “The U.S. penal population of 2.2 million adults is by far the largest in the world.” To put this in perspective, “nearly 1 out of every 100 adults [are] in prison or jail.” This number demonstrates the responsibility correctional facilities bear in providing healthcare services to a significant portion of the population with incarcerated individuals often carrying additional burdens, including “drug and alcohol addictions, mental and physical illnesses…

 

How does HIPAA apply in correctional settings?

HIPAA establishes national standards to safeguard patients' medical records and protected health information (PHI). These standards also apply to medical care given in correctional facilities.

The University of Houston Law Center explains that “HIPAA applies to…incarcerated persons as well as other persons detained for criminal law violations.” However, these rules are modified to account for the particular circumstances of incarceration.

For example, while inmates still have the right to privacy regarding their medical information, certain situations may require healthcare providers to disclose PHI without consent for safety and security reasons within the facility.

 

Exceptions under HIPAA regulations

According to the Code of Federal Regulations, a correctional facility that provides healthcare is not required to get authorization or consent before using or disclosing an incarcerated individual's protected health information (PHI) for treatment, payment, or healthcare operations.

The University of Houston Law Center lists the following permitted disclosures, if PHI is necessary for:

  • The provision of healthcare to such individuals.
  • The health and safety of such individuals or other inmates.
  • The health and safety of officers or employees or others at the correctional institution.
  • The health and safety of such individuals and officers or other persons responsible for the transport of inmates or their transfer from one institution, facility, or setting to another.
  • Law enforcement on the premises of the correctional institution.
  • The administration and maintenance of the safety, security, and good order of the correctional institution.”

 

HIPAA in external healthcare services

HIPAA's jurisdiction extends outside of correctional facilities to cover healthcare services given to incarcerated individuals at outside facilities like hospitals or specialty clinics. Healthcare providers must adhere to HIPAA regulations when treating the incarcerated outside of the correctional facility.

For example, when an inmate requires specialized medical treatment at an external hospital, healthcare providers must ensure that PHI is shared securely and only with authorized personnel. This could mean obtaining consent from the inmate or adhering to HIPAA's emergency disclosure provisions in urgent situations.

Furthermore, failure to comply with HIPAA regulations can result in severe penalties for healthcare providers and facilities.

 

Promoting HIPAA compliance and secure communication

Correctional facilities should promote HIPAA compliance by implementing strict policies and comprehensive training programs. This could include creating awareness of privacy regulations and how to handle protected health information (PHI).

They can improve privacy and security by using HIPAA compliant email platforms, like Paubox. This will help secure the transmission of medical records, treatment plans, and other sensitive information between healthcare providers and correctional staff.

Providers should restrict access to authorized individuals, to lower the risk of unauthorized disclosure of PHI. This aligns with HIPAA regulations and maintains patient confidentiality within correctional settings.

 

Potential for collaboration

In a recent study on collaborating to offer HPV vaccinations in jails, researchers used emails to explore the potential of collaborations to extend healthcare services, specifically HPV vaccinations, to underserved populations in jails. Here, emails facilitated communication between correctional facilities and healthcare providers, enabling efficient coordination and timely implementation of vaccination programs.

This shows the potential of using emails to increase healthcare access for vulnerable populations, which could ultimately improve public health outcomes. More specifically, HIPAA compliant emails can help facilitate communication between healthcare providers efficiently, leading to better coordination of care and improved patient outcomes. 

Read also: How patient-centered communication improves patient outcomes

 

FAQs

What are some examples of healthcare services provided in correctional facilities?

Healthcare services provided in correctional facilities include medical care, mental health services, substance abuse treatment, and preventive care such as vaccinations.

 

What role do electronic health records (EHRs) play in healthcare collaborations?

Electronic health records (EHRs) facilitate the secure exchange of patient information among healthcare providers and promote continuity of care. Providers can collect patient data securely with Paubox Forms for patient intake, to obtain patient consent, streamline referrals, etc.

 

What steps can correctional facilities take to protect patient privacy?

Correctional facilities can protect patient privacy by using a secure email platform, like Paubox, training staff on HIPAA compliance, and establishing policies for handling sensitive information.