A covered entity is (1) a health plan, (2) a health care clearinghouse, or (3) a health care provider (e.g., group practice, solo practitioner) that transmits any health information in electronic form in connection with health care transactions. The Privacy Rule allows covered entities to designate themselves as “hybrid entities” with selected parts subject to the requirements of the Privacy Rule. Indiana University is a covered entity that has chosen hybrid status. Therefore certain areas of the University have to comply directly with HIPAA and other areas have to comply indirectly as Business Associates. At Indiana University (IU), the School of Dentistry (IUSD), the School of Optometry (IUSO), IU Health Services (IUHS), the Department of Speech and Hearing are considered to be covered parts or covered components of the IU covered entity.
Other segments of the University, such as the other health science schools, are not subject to HIPAA through Indiana University. Although the School of Medicine is not involved in the requisite electronic transactions through Indiana University, most of the faculty and many staff members are involved in activities of covered entities (Practice Plans) and must comply with the HIPAA requirements.
« Return to previous FAQs page