The Health Insurance Portability and Accountability Act of 1996 (HIPAA) was enacted by the U.S. Congress “to amend the Internal Revenue Code of 1986 to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes.”
HIPAA regulates health care providers (Covered Entities) that electronically maintain or transmit protected health information (PHI) in connection with a covered transaction. Covered Entities (CE) are required to maintain reasonable and appropriate administrative, technical, and physical safeguards for privacy and security as well as comply with statutory provisions for electronic transactions, code sets, and personal identifiers. Business Associates (BA) are entities or individuals who contract to perform services for a CE and have access to PHI. Business associates of the UNCG CEs may be other UNCG units that perform work on behalf of the CE; and UNCG units may also serve as a business associate to a CE other than a UNCG CE. Business Associates are also required to comply with the HIPAA privacy and security standards subject to a Business Associate Agreement.
The University of North Carolina at Greensboro (UNCG) is a hybrid entity subject to HIPAA because certain units of the University are covered entities and/or business associates. UNCG is required to identify its units that meet the CE definition, ensure CE and BA compliance with implementation of privacy and security safeguards, and enforce CE and BA compliance with HIPAA regulations. UNCG has chosen a decentralized model, with University-wide coordination, to comply with the Act.
The UNCG Covered Entities:
- The Psychology Clinic
- The UNCG Speech and Hearing Center
- Student Health Services
- The UNCG ADHD Clinic (provides ACCESS program services to UNCG students)
Each CE has appointed a Compliance Officer or Officers.
UNCG Business Associates may include, for example, Intercollegiate Athletic Training, Research Institutes, and faculty performing research with PHI on behalf of a CE.
To provide campus-wide leadership for compliance, the University also designates HIPAA Privacy and Security Officers. These University officers are:
- HIPAA Privacy, Kathleen Baber, firstname.lastname@example.org, 334-3147
Director of Student Health Services, Student Affairs
- HIPAA Security, Bryce Porter, email@example.com, 334-4374
University Information Security Officer, Information Technology Services
Additional information concerning HIPAA may be obtained at the following sources:
- UNCG HIPAA Compliance Policy
- UNCG Institutional Review Board (IRB)
- Application to Use Protected Health Information in Research
- Centers for Medicare and Medicaid Services
- UNCG Business Associate Agreement Form
- ITS HIPAA Security Compliance Recommendations
E-MAIL communications between UNCG HIPAA covered entities and patients/clients guidelines.
Updated July 15, 2019