Overview
Congress passed the Health Insurance Portability and Accountability Act (“HIPAA”), Public Law 104-191 in 1996, which required the Department of Health and Human Services (“HHS”) to adopt national standards for electronic health care transactions and code sets, privacy, security and unique health identifiers. The HIPAA Privacy Rule defines the hybrid entity and sets forth the organizational requirements, including standards and implementation specifications. 45 CFR §§ 164.103 and 164.105(a) and (c). The rule provides that the legal entity that is a hybrid entity must implement safeguards and undertake certain responsibilities with respect to its covered entity and business associate components.
The HIPAA Privacy Rule defines the hybrid entity and sets forth the organizational requirements, including standards and implementation specifications. 45 CFR §§ 164.103 and 164.105(a) and (c). The rule provides that the legal entity that is a hybrid entity must implement safeguards and undertake certain responsibilities with respect to its covered entity and business associate components.