5. What parts of the University are required to comply with the HIPAA Privacy Regulations?
The University is a "hybrid entity" because its business activities include both covered and non-covered functions under HIPAA. The University engages in education and health care activities. As a hybrid entity, the University is required to designate its "health care components" which are the parts of the University that are required to comply with HIPAA. The University's Health Care Components include:
The exchange of PHI with a part of the University that is not designated as a Health Care Component is considered a disclosure that must be authorized by the patient or otherwise permitted by HIPAA.
a. College of Medicine and OU Physicians;
b. School of Community Medicine - Tulsa and OU Physicians-Tulsa;
c. College of Dentistry;
d. College of Allied Health;
e. College of Pharmacy;
f. College of Nursing;
g. College of Public Health;
h. Goddard Health Center;
i. George Nigh Rehabilitation Center;
j. Athletic Department;
k. Counseling Psychology Clinic
l. HSC Student Counseling Services
n. Certain Administrative offices