For a better experience, click the Compatibility Mode icon above to turn off Compatibility Mode, which is only for viewing older websites.

Privacy Policy Definitions

Drexel University Clinical Covered Entities
HIPAA Privacy and Security Program

Affected Employee

A Workforce Member who is involved in areas of Drexel University which are subject to HIPAA laws, rules and regulations, including serving as a Business Associate.

Business Associate

An entity or person who performs a function or activity on behalf a covered entity whereby the entity or person creates, receives, maintains or transmits PHI or e-PHI on behalf of a HIPAA covered entity or on behalf of another Business Associate.

Compliance Personnel

Privacy Officer and staff.

Covered Entities

Are defined in the HIPAA rules as (1) health plans, (2) healthcare clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.

Hybrid Entity

Consistent with the requirements as set forth in 45 C.F.R. §§ 164.103 and 164.105 as related to HIPAA and HITECH, Drexel University is one legal entity, specifically a hybrid entity. A hybrid entity includes both covered and non-covered functions, and designates its health care components as provided in the Privacy Rule. If a covered entity is a hybrid entity, the Privacy Rule generally applies only to its designated health care components. However, non-health care components of a hybrid entity may be affected because the health care component is limited in how it can share PHI with the non-health care component.

Data Custodian

The person designated by Deans, Department Chairs and Faculty Practice Administrators to be responsible for the management of particular data sets of the departments, offices, or Units, and responsible for the creation or collection of the data.

Electronic Media

Any electronic computing device, such as a laptop or desk computer, PDA or other devices used to store e-PHI, diskettes, compact discs, DVDs, tapes, and other similar devices.

Electronic Information Resources

All computing machinery, networks and communication equipment and networks.

Electronic Protected Health Information (e-PHI)

Protected health information that is maintained in or transmitted by Electronic Media.


The Health Insurance Portability and Accountability Act of 1996.


The Health Information Technology for Economic and Clinical Health (HITECH) Act, enacted as part of the American Recovery and Reinvestment Act of 2009, signed into law on February 17, 2009, to promote the adoption and meaningful use of health information technology. Subtitle D of the HITECH addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the HIPAA rules.

Omnibus Rule

The final rule that implements a number of provisions of HITECH, enacted as part of the American Recovery and Reinvestment Act of 2009, to strengthen the privacy and security protections for health information established under HIPAA.

Privacy Rule

The regulation promulgated under HIPAA at 45 CFR §§ 160, 162 and 164 entitled Standards for Privacy of Individually Identifiable Health Information, Final Rule and under the Omnibus Rule.

Protected Health Information

Individually identifiable health information that is transmitted or maintained in any form or medium, including genetic information about a patient.

Security Incident

The attempted or successful unauthorized access, use, disclosure, modification, or destruction of information or interference with system operations in an information system.

Security Reminders

Periodic updates or reminders about security-related issues.

Security Rule

The regulation promulgated under HIPAA at 45 CFR §§ 160, 162 and 164 entitled Health Insurance Reform: Security Standards, Final Rule and under the Omnibus Rule.

System Administrator

The designated person responsible for setting up and maintaining hardware and/or software.


An actual or suspected violation of any Drexel University HIPAA Privacy and Security Program Compliance Policy, including any Business Associate policy.

Workforce Member

All Drexel University employees, faculty, staff and students.


Electronic computing devices.

Additional definitions are set forth in various Drexel University HIPAA Privacy and Security Policies.

 Back to Top