Skip to main content
Back To Top Top Back To Top
This website publishes administrative rules on their effective dates, as designated by the adopting state agencies, colleges, and universities.

Rule 3337-3-01 | General Policy on Health Insurance Portability and Accountability Act (HIPAA) Compliance.

 

The version of this rule that includes live links to associated resources is online at https://www.ohio.edu/policy/03-001

(A) Ohio university's commitment to HIPAA compliance as a hybrid entity

Ohio university strives to protect the confidentiality, integrity, and availability of protected health information (PHI) by taking reasonable and appropriate steps to address the requirements of the Health Insurance Portability and Accountability Act of 1996 (HIPAA). HIPAA regulates covered entities, which are health plans, health care clearinghouses and health care providers who transmit any health information in electronic form in connection with a covered transaction. HIPAA requires that each covered entity maintains reasonable and appropriate administrative, technical and physical safeguards for privacy and security. HIPAA also requires that entities or individuals who contract to perform services for a covered entity with access to PHI (referred to as "business associates") comply with the HIPAA privacy and security standards.

Ohio university is a HIPAA hybrid entity as that term is defined by HIPAA at 45 C.F.R. 164.105. As such, its health care components, which are identified in Ohio university's standards and procedures, are subject to and must comply with HIPAA.

This general policy reflects Ohio university's commitment to comply with HIPAA as more fully set forth in the Ohio university HIPAA standards (the "standards"), herein incorporated by reference to this general policy. The standards represent the general operating procedures of Ohio university's health care components and apply to PHI used or disclosed by or on behalf of Ohio university's health care components. To the extent the standards express requirements and obligations above and beyond those required by the HIPAA regulations, the standards will be treated as goals but will not be binding on Ohio university. The standards do not address the requirements of any laws other than the HIPAA privacy regulations. No third party rights (including, but not limited to, rights of individuals or business associates) are intended to be created by the standards

Any questions regarding this general policy or the standards may be directed toward Ohio university's privacy and/or security officer, as may be appropriate. Ohio university reserves the right to change these standards at any time without notice.

The version of this rule that includes live links to associated resources is online at https://www.ohio.edu/policy/03-001

Supplemental Information

Authorized By: 3337.01
Amplifies: 3337.01