Hybrid Entity

Consistent with the requirements as set forth in 45 C.F.R. §§ 164.103 and 164.105 as related to HIPAA and HITECH, Drexel University is one legal entity, specifically a hybrid entity. A hybrid entity includes both covered and non-covered functions, and designates its health care components as provided in the Privacy Rule. If a covered entity is a hybrid entity, the Privacy Rule generally applies only to its designated health care components. However, non-health care components of a hybrid entity may be affected because the health care component is limited in how it can share PHI with the non-health care component.

Covered Entities

Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.

• Privacy Policy Definitions

HIPAA Privacy Policies and Procedures

Notice of Privacy Practices

• PPS-01 Health Information Management Policy
• PPS-01A HIPAA Hybrid Entity Designation
• PPS-02 Minimum Necessary
• PPS-03 Sharing Data with External Entities
• PPS-04 Individual Right to Access Individually Identifiable Health Information
• PPS-05 Individual Right to Request Correction Individually Identifiable Health Information
• PPS-06 Authorization
• PPS-07 Patient Complaint Process
• PPS-08 Training Requirements
• PPS-09 Incident Reporting
• PPS-10 Responding to External Investigations and Inquiries
• PPS-11 Accounting of Disclosures
• PPS-12 Fundraising and Marketing
• PPS-14 Restrictions Requested by Patient
• PPS-15 Notice of Privacy Practices
• PPS-16 Fee for Copying Records
• PPS-17 Identification of Patient or Authorized Representative Over the Phone
• PPS-18 Password and System Confidentiality
• PPS-19 Patient List
• PPS-20 Use of PHI in DU Classroom or Internal Web-based Medical Education
• PPS-21 Destruction of EPF Printed Material
• PPS-22 Sale of PHI
• PPS-23 Student Immunization Policy
• PPS-24 Breach Investigation and Notification Policy
• PPS-25 Decedents
• PPS-26 Business Associate Policies (with attachments)
• PPS-27 De-Identification of PHI for Use in DU Classroom or Internal Web-based Medical Education
• PPS-28 Students as Business Associates

 
 Back to Top