Skip to Content
Network for Public Health Law
Health Information and Data Sharing

HIPAA Hybrid Entity Status

Most health departments have programs that are covered by the Health Insurance Portability and Accountability Act, Public Law 104-191 (“HIPAA”), such as health care providers who bill electronically, clinics or health plans. Health departments may also provide traditional public health services that are not covered by HIPAA, such as surveillance, inspections, outbreak investigation and injury prevention programs.

View Resources Learn More

Resources

FAQ

Tribal HIPAA Hybrid Entity FAQs

Read More
Use Case

Evaluating HIPAA Coverage: Three Use Cases

Read More
Resource Collection

HIPAA Hybrid Entity Toolkit

Read More

Explore more sub-topics related to Health Information and Data Sharing

COVID-19: Health Data Sharing and Privacy

Learn More

IZ Gateway Project

Learn More

De-identification of Data

Learn More

Federal Privacy Laws

Learn More

Learn More

A closer look at HIPAA Hybrid Entity Status

Becoming a Hybrid Entity is Important for Data Sharing 

To improve important data sharing, health departments that elected to be fully covered by HIPAA should now re-evaluate the option to generally restrict HIPAA to only those programs that are required under law to comply with HIPAA. This is known as becoming a hybrid entity.

Periodically Re-assessing Hybrid Status is Critical for Compliance

Health departments should periodically re-evaluate HIPAA coverage. Changes in organizational structure, function or technology may cause changes in HIPAA classification. Failure to ensure that all components are currently and properly HIPAA assessed may result in significant regulatory exposure to enforcement action, including civil monetary penalties. Additionally, health departments’ re-assessment of HIPAA coverage may result in cost savings through reduced compliance burden and regulatory exposure.

Health departments that have not re-assessed their HIPAA coverage since 2013, should do so now, as changes in law dictate different results for both hybrid entities as well as health departments that are fully covered by HIPAA.

For background on HIPAA, including definitions, view/download Read Me First.


Explore Topics

Related Empowered Public Health System Resources

How we can help

Legal Research and Assistance

Experienced legal experts are available to answer questions and provide research, analysis and guidance. Let us know what you’re working on and together we can figure out how we can help.

Learn More


Legal Assistance Library

Explore the Network’s Legal Assistance Library to find answers to commonly asked questions on a variety of public health topics.

Access Library