Revision of HIPAA Privacy Policy

Effective Date: 
Wednesday, March 18, 2020

University Policy 605.2  has been revised to:

  1. designate the University as a “hybrid entity,” under HIPAA,
  2. clarify that the Student Health Center and the Christine F. Price Center for Counseling and Psychological Services and any University research component that creates, receives, transmits or maintains personal health information are the “covered health care components” of the hybrid entity,
  3. delete the Department of Athletics and the Office of Disability Services as covered health care components of the hybrid entity,
  4. identify the Chief Compliance Officer as the HIPAA Privacy Officer,
  5. identify the Assistant Vice Chancellor for Network Infrastructure as the HIPAA Security Officer, and
  6. clarify that reports of a privacy breach involving personal health information should be made to the HIPAA Privacy Officer.