UNM Regents' Policy Manual 2.13.4 - University HIPAA Compliance Policy

2.13.4 Subject: UNIVERSITY HIPAA COMPLIANCE POLICY
Adopted: March 10, 2003

Preamble

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the regulations issued by the Department of Health and Human Services under the Administrative Simplification subtitle of HIPAA (the “Regulations”) establish a regulatory scheme to protect the confidentiality of personal health care information. The Regulations permit an institution like the University of New Mexico (the “University”) that includes health care components and non-health care components to designate itself a “hybrid covered entity.” As a hybrid covered entity, the University can limit the application of HIPAA and the Regulations to its designated health care components. One purpose of this policy is to designate the health care components of the University. The other purpose of this policy is to delegate the administrative authority to assure that the University complies with HIPAA and the Regulations.

Applicability

This policy applies to the components of the University designated as health care components of the University, and to the officers of the University charged with taking action to assure compliance with HIPAA and the Regulations.

Policy

The University shall be deemed a “hybrid covered entity” within the meaning of the Regulations. Certain components of the University, as set forth in Exhibit A to this policy, will be designated “health care components” of the University. The health care components will be required to comply with HIPAA and the Regulations.

Implementation

The President of the University shall delegate responsibility to assure compliance with HIPAA and the Regulations to the appropriate officers of the University. In furtherance of the University’s compliance effort, health care components of the University will be required to prepare budgets, as necessary, for implementation and compliance with HIPAA and the Regulations, and shall approve necessary expenditures of funds and resources to assure compliance. The President, or his designee, may revise Exhibit A, as appropriate, by adding or deleting health care components. Provision will be made to certify the training of University personnel in the health care components about compliance with HIPAA and the Regulations. The President is also authorized to take any additional actions necessary to assure compliance of the University with HIPAA and the Regulations.

Appointment of Privacy Officer

The President shall cause a Privacy Officer to be appointed for the University, as required by the Regulations, and any additional staff necessary for timely implementation and compliance with HIPAA and the Regulations.

References

The Administrative Simplification Provisions of the Health Insurance Portability & Accountability Act of 1996 (HIPAA), codified at 42 USC § 1320d. Regulations pursuant to HIPAA codified at 45 CFR, Parts 160, 162, and 164.

EXHIBIT A

THE UNIVERSITY OF NEW MEXICO
Health Care Components Designated
As a Hybrid Entity Pursuant to Regulations
Promulgated Pursuant to the Health Insurance Portability & Accountability
Act of 1996, As Amended

The operations of the University of New Mexico ("UNM"), as a hybrid covered entity under 42 C.F.R. Part 164.504 hereby designates the following operations as health care components for purposes of complying with the Health Care Insurance Portability and Accountability Act of 1996:

1. The Health Sciences Center, excluding the Tumor Registry and the Office of the State Medical Investigator for the State of New Mexico in fulfilling its statutory duties as coroner

2. Telemedicine programs on all UNM campuses

3. Counseling Assistance & Referral Services

4. Center for Family & Adolescent Research

5. Center for Exercise

6. Psychology Clinic

7. Speech and Hearing Sciences

8. Employee Health Promotion Program

9. Student Health Center, excluding those activities covered by the Family Education Rights and Privacy Act, 20 U.S.C. 1232g, as amended

10. Office of the University Counsel

11. Risk Management Department

12. Internal Audit Department

Comments should be sent to BRPM@UNM.edu

Go to:
Table of Contents
Table of Contents - Section 2
Regents' Policy Manual Homepage

The University of New Mexico
Albuquerque, New Mexico