"This resource was designed to enable correctional entities to comply with HIPAA and 42 CFR Part 2 in the receipt or sharing of PHI [public health information], whether the correctional entity meets HIPAA’s designation of a “covered entity,”17 is determined by 42 CFR Part 2 to be a “federally assisted program,”18 or does not meet either criteria. The tools within the resource may be used by any correctional entity interested in articulating its commitment to protecting PHI and implementing the components of a privacy framework." This publication is made up of three chapters: introduction; overview of HIPAA and 42 CFR Part 2 regulations-HIPAA regulations regarding medical and mental health information, and 42 CFR Part 2 regarding substance abuse information; and PHI policy development template. Appendixes include: glossary; listing of applicable federal laws; release of information-consent authorization guidance; contractual agreements; court orders; 42 CFR 2.22-Notice to Patients of Federal Confidentiality Requirements; PHI Privacy Policy Review Checklist; and standards and resource list.