Consistent with the requirements as set forth in 45 C.F.R. §§
164.103 and 164.105 as related to HIPAA and HITECH, Drexel University is one
legal entity, specifically a hybrid entity. A hybrid entity includes both
covered and non-covered functions, and designates its health care components
as provided in the Privacy Rule. If a covered entity is a hybrid entity, the
Privacy Rule generally applies only to its designated health care components.
However, non-health care components of a hybrid entity may be affected because
the health care component is limited in how it can share PHI with the
non-health care component.
Covered entities are defined in the HIPAA rules as (1) health plans, (2)
health care clearinghouses, and (3) health care providers who electronically
transmit any health information in connection with transactions for which HHS
has adopted standards.
HIPAA Privacy Policies and Procedures
Notice of Privacy Practices
Back to Top