Overview
This resource summarizes tools for understanding, evaluating and becoming a Hybrid Entity. The U.S. Department of Health and Human Services, Office for Civil Rights (OCR), also hosts a comprehensive website regarding the HIPAA Privacy Rule that includes many useful guidance documents, tools and training materials regarding HIPAA privacy and security regulations. The website is at http://www.hhs.gov/ocr/privacy.
- For a “Summary of the HIPAA Privacy Rule” that provides information on who is covered, what it means to be a hybrid entity and what information is protected, go to https://www.hhs.gov/hipaa/for-professionals/privacy/laws-regulations/index.html.
- For FAQs regarding becoming a hybrid entity, go to:
- “Are state, county or local health departments required to comply with the HIPAA Privacy Rule?” This FAQ explains how a health department can become a hybrid entity. https://www.hhs.gov/hipaa/for-professionals/faq/358/are-state-county-or-local-health-departments-required-to-comply-with-hipaa/index.html.
- “When does a covered entity have discretion to determine whether a research component of the entity is part of their covered functions, and therefore, subject to the HIPAA Privacy Rule?” https://www.hhs.gov/hipaa/for-professionals/faq/315/when-does-a-covered-entity-have-discretion-to-determine-covered-functions/index.html.
- “Can a postsecondary institution be a “hybrid entity” under the HIPAA Privacy Rule?” https://www.hhs.gov/hipaa/for-professionals/faq/522/can-a-postsecondary-institution-be-a-hybrid-entity-under-hipaa/index.html.
