For a better experience, click the Compatibility Mode icon above to turn off Compatibility Mode, which is only for viewing older websites.

Privacy Policies

Hybrid Entity

Consistent with the requirements as set forth in 45 C.F.R. §§ 164.103 and 164.105 as related to HIPAA and HITECH, Drexel University is one legal entity, specifically a hybrid entity. A hybrid entity includes both covered and non-covered functions, and designates its health care components as provided in the Privacy Rule. If a covered entity is a hybrid entity, the Privacy Rule generally applies only to its designated health care components. However, non-health care components of a hybrid entity may be affected because the health care component is limited in how it can share PHI with the non-health care component.

Covered Entities

Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards.

HIPAA Privacy Policies and Procedures

Notice of Privacy Practices

 Back to Top