03.001: General Policy on Health Insurance Portability and Accountability Act (HIPAA) Compliance
Approved
October 26, 2017
John J. Biancamano, General Counsel
Deborah Shaffer, Vice President for Finance & Administration
M. Duane Nellis, President
The university's commitment to HIPAA compliance as a hybrid entity
The university strives to protect the confidentiality, integrity, and availability of protected health information (PHI) by taking reasonable and appropriate steps to address the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA regulates covered entities, which are health plans, health care clearinghouses and health care providers who transmit any health information in electronic form in connection with a covered transaction. HIPAA requires that each covered entity maintain reasonable and appropriate administrative, technical and physical safeguards for privacy and security. HIPAA also requires that entities or individuals who contract to perform services for a covered entity with access to PHI (referred to as “business associates”) comply with the HIPAA privacy and security standards.
The university is a HIPAA hybrid entity as that term is defined by HIPAA at 45 C.F.R. § 164.105. As such, its health care components, which are identified in the university’s standards and procedures, are subject to and must comply with HIPAA.
This general policy reflects the university’s commitment to comply with HIPAA as more fully set forth in the university HIPAA standards (the “standards”), herein incorporated by reference to this general policy. The standards represent the general operating procedures of the university’s health care components and apply to PHI used or disclosed by or on behalf of the university’s health care components. To the extent the standards express requirements and obligations above and beyond those required by the HIPAA regulations, the standards will be treated as goals but will not be binding on the university. The standards do not address the requirements of any laws other than the HIPAA privacy regulations. No third party rights (including, but not limited to, rights of individuals or business associates) are intended to be created by the standards.
Any questions regarding this general policy or the standards may be directed toward the university’s privacy and/or security officer, as may be appropriate. The university reserves the right to change these standards at any time without notice.
Reviewers
Proposed revisions of this policy should be reviewed by:
- Vice President for Research and Creative Activity
- Faculty Senate
- Deans Council
- Chairs
- Directors
- Chief Human Resource Officer