fbpx
Contact Us
Blog September 26, 2016

Student Health and HIPAA Compliance on College Campuses

Health Insurance Portability and Accountability Act (HIPAA) regulations are commonly associated with health care and health plan providers. However, HIPAA applies to all covered entities, hybrid entities, and business associates, including some universities and colleges that provide student health care services and have access to protected health information (PHI).

How Colleges Manage Student Records

Enactment of federal legislation, such as the Family Education Rights and Privacy Act (FERPA) and HIPAA, has significantly changed how colleges maintain and release student records. These laws regulate who controls disclosure records and regulates the ability to amend the records by students or parents. This means that university administrators must balance federal and state laws in order to protect student and faculty privacy.

Compliance with HIPAA

Because an academic health center might conduct electronic transactions as well as exchange PHI, colleges and the health center are considered covered entities. However, they can also elect to be a hybrid entity. To do this, the college designates the health care components within the organization. The health care components would include any department that meets the definition of a covered entity; health plans, health care clearinghouses, and health care providers who electronically transmit any health information with transactions. Therefore, HIPAA regulations would only apply to the health care components.

Colleges with medical or dental schools or affiliated hospitals are concerned about the human and financial resources that must be allocated to achieve compliance with HIPAA because they deliver healthcare services in numerous ways. Many colleges provide healthcare in hospitals, clinics, and student health centers, or through affiliated faculty practices that provide patient care.

Protecting Student Healthcare Information

With the help of HIPAA compliant managed hosting from a business associate, colleges can face the ever-changing HIPAA compliance requirements as well as meet the needs of the HIPAA Omnibus Rule. This rule requires Business Associate Agreements for any vendor or service provider who has access to PHI. They will also have the ability to standardize the way electronic PHI data is exchanged and improve security standards in order to protect confidential healthcare information and records. HIPAA regulations can vary depending on the institution. Because of the concern of human and financial resources, it’s common for a university or college to work with a cloud service provider under a business associate agreement. Connectria’s comprehensive HIPAA Compliant Solutions include the option of hosting within our data centers or within leading public clouds such as AWS and Microsoft Azure.

Contact Connectria if you would like to learn how Connectria can help your organization become HIPAA compliant.

Related Resources

 
Connectria’s IBM Business Recognized for Excellence, Here’s How We Do It
In 2019, the IBM Think conference garnered over 30,000 attendees. This year’s conference, like a lot of events, changed course when the COVID-19 pandemic hit.…
 
Connectria’s Green Cloud Initiative Going Strong
After the successful launch of Connectria’s Green Cloud Initiative earlier this year, we continue our work with green computing. To follow up on how the…
 
The Cloud Center of Excellence: An Essential Tool for Cloud Success
Today, it’s not a question of whether an organization has workloads housed in the cloud. Instead, the question is what percentage of their workloads they’ve…