This toolkit is intended for privacy officers, public health practitioners and their attorneys. It includes legal, policy and practical guidance to understand and implement HIPAA’s hybrid entity option. It includes:
» A review of the legal issues involved in becoming a hybrid entity and the importance of HIPAA coverage re-assessment
» FAQs on becoming a hybrid entity, supported by a more detailed regulatory reference table, including commentary
» Information on the impact HIPAA coverage has on data sharing
» Information on how becoming a hybrid entity reduces risk and compliance burden
» Guidance on how to determine whether becoming a hybrid entity is the right choice
» Guidance on developing a hybrid entity policy, including a policy template
Most health departments have programs that are covered by the Health Insurance Portability and Accountability Act, Public Law 104-191 (“HIPAA”), such as health care providers who bill electronically, clinics or health plans. Health departments may also provide traditional public health services that are not covered by HIPAA, such as surveillance, inspections, outbreak investigation and injury prevention programs.