Health Insurance Portability and Accountability Act (HIPAA) regulations are commonly associated with health care and health plan providers. However, HIPAA applies to all covered entities, hybrid entities, and business associates, including some universities and colleges that provide student health care services and have access to protected health information (PHI).
How Colleges Manage Student Records
Enactment of federal legislation, such as the Family Education Rights and Privacy Act (FERPA) and HIPAA, has significantly changed how colleges maintain and release student records. These laws regulate who controls disclosure records and regulates the ability to amend the records by students or parents. This means that university administrators must balance federal and state laws in order to protect student and faculty privacy.
Compliance with HIPAA
Because an academic health center might conduct electronic transactions as well as exchange PHI, colleges and the health center are considered covered entities. However, they can also elect to be a hybrid entity. To do this, the college designates the health care components within the organization. The health care components would include any department that meets the definition of a covered entity; health plans, health care clearinghouses, and health care providers who electronically transmit any health information with transactions. Therefore, HIPAA regulations would only apply to the health care components.
Colleges with medical or dental schools or affiliated hospitals are concerned about the human and financial resources that must be allocated to achieve compliance with HIPAA because they deliver healthcare services in numerous ways. Many colleges provide healthcare in hospitals, clinics, and student health centers, or through affiliated faculty practices that provide patient care.
Protecting Student Healthcare Information
With the help of HIPAA compliant managed hosting from a business associate, colleges can face the ever-changing HIPAA compliance requirements as well as meet the needs of the HIPAA Omnibus Rule. This rule requires Business Associate Agreements for any vendor or service provider who has access to PHI. They will also have the ability to standardize the way electronic PHI data is exchanged and improve security standards in order to protect confidential healthcare information and records. HIPAA regulations can vary depending on the institution. Because of the concern of human and financial resources, it’s common for a university or college to work with a cloud service provider under a business associate agreement. Connectria’s comprehensive HIPAA Compliant Solutions include the option of hosting within our data centers or within leading public clouds such as AWS and Microsoft Azure.
Contact Connectria if you would like to learn how Connectria can help your organization become HIPAA compliant.