A single, multidisciplinary entity, like a university, may include certain departments that use PHI, and other departments that do not. Such institutions are eligible to (and should) self-identify as “hybrid entities” to better manage HIPAA compliance risk. The Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic … Continue Reading