Individuals with mental illnesses and/or co-occurring substance use disorders are overrepresented at every stage of the criminal justice process. In response, many jurisdictions have developed a range of policy and programmatic responses that depend on collaboration among the criminal justice, mental health, and substance abuse treatment systems.
A critical component of this cross-system collaboration is information sharing, particularly information about the health and treatment of people with mental illnesses and/or substance-use disorders who are the focus of these responses. At the individual level, health information is essential to provide adequate assessment and treatment. At the program level, it can be used to identify target populations for interventions, evaluate program effectiveness, and determine whether programs are cost-efficient.
Legal and technical barriers, both real and perceived, often prevent a smooth exchange of information among these systems and impede identifying individuals with mental illnesses and/or substance-use disorders and developing effective plans for appropriate diversion, treatment, and transition from a criminal justice setting into a community- based setting. Understanding the legal framework of information sharing is the crucial first step for jurisdictions seeking to design and implement effective criminal justice-behavioral health collaborations.
A critical first step is to understand the federal and state laws that are likely to influence stakeholder responses. Federal law shapes what is permissible at the state or local level, primarily through the basic privacy rules for “protected health information” (PHI) under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) 2 and substance-use treatment information under 42 CFR Part 2, a portion of the Code of Federal Regulations addressing public health.
Due to the importance of information sharing and how this may be impacted by state laws, many specific questions will require answers from local, county, or state counsel. . However, this discussion does provide practitioners and criminal justice stakeholders with a fundamental understanding of the legal issues expected to be involved with information sharing and how the legal framework is likely to affect their initiatives. Sharing information across disciplines can and has been done successfully, appropriate governance agreements and sound technical architecture are key, along with trust. A CJCC is best suited to bring together the key stakeholders to mutually agree to share information (built in trust) and dedicate the necessary resources to support such an endeavor.
Each state has a Chief Information Security Officer (CISO) that can and should serve as a resource to local CJCCs in the planning and implementation of a sharing information process s that adheres to the Federal Bureau of Investigation's Criminal Justice Information System (CJIS) policies. The CISO should be able to bridge the technical with the policy and provide a perspective on how the state interprets the FBI's CJIS security policy and other federal/state policies.