Frequently Asked Questions
What is a "hybrid entity" and how
is it relevant to local governments?
- "Hybrid entity" defined:
If a covered entity performs functions that are unrelated
to their role as health care providers, health plans
or health care clearinghouses, the HIPAA privacy regulations
permit a covered entity to designate itself a "hybrid
entity."1 A covered entity that designates itself a hybrid entity
must specifically identify those "health care
components" that are required to comply with
the privacy regulations.
- Example: All counties perform
many functions that are entirely unrelated to the
provision of health care or the administration of
a health plan. Assume for the purpose of this example
that a county (rather than the individual departments)
is a covered entity. It would be appropriate to designate
the county as a "hybrid entity" for purposes
of the privacy regulation and to identify several
of the departments (e.g., the health department, DSS,
EMS) as "health care components." Only those
departments that are "health care components"
must comply with the privacy rule. It may also be
appropriate to designate portions of individual
departments (such as adult services within the department
of social services) rather than an entire department
as a "health care component," thereby minimizing
the impact of the privacy regulation on that department.
Back to Top
145 C.F.R. § 164.504(a)-(c).
Back to FAQs
|
