A single, multidisciplinary entity, like a university, may include certain departments that use PHI, and other departments that do not. Such institutions are eligible to (and should) self-identify as “hybrid entities” to better manage HIPAA compliance risk.
The Health Insurance Portability and Accountability Act of 1996, as modified by the Health Information Technology for Economic and Clinical Health Act (collectively, “HIPAA”), mandates privacy and security safeguards for information about an individual’s health status, care, or payment for care. Individuals, organizations, and agencies that meet the definition of a “covered entity” or “business associate” under HIPAA must comply with its requirements.