Blog September 26, 2016

Student Health and HIPAA Compliance on College Campuses

Health Insurance Portability and Accountability Act (HIPAA) regulations are commonly associated with health care and health plan providers. However, HIPAA applies to all covered entities, hybrid entities and business associates, including some universities and colleges that provide student health care services and have access to protected health information (PHI).

Enactment of federal legislation, such as the Family Education Rights and Privacy Act (FERPA) and HIPAA, has significantly changed how colleges maintain and release student records. These laws regulate who controls disclosure records and regulates the ability to amend the records by students or parents. This means that university administrators must balance federal and state laws in order to protect student and faculty privacy.

Because an academic health center might conduct electronic transactions as well as exchange PHI, colleges and the health center are considered covered entities. However, they can also elect to be a hybrid entity. To do this, the college designates the health care components within the organization. The health care components would include any department that meets the definition of a covered entity; health plans, health care clearinghouses, and health care providers who electronically transmit any health information with transactions. Therefore, HIPAA regulations would only apply to the health care components.

Colleges with medical or dental schools or affiliated hospitals are concerned about the human and financial resources that must be allocated to achieve compliance with HIPAA because they deliver health care services in numerous ways. Many colleges provide health care in hospitals, clinics, and student health centers, or through affiliated faculty practices that provide patient care.

With the help of HIPAA compliant managed hosting from a business associate, colleges can face the ever-changing HIPAA compliance requirements as well as meet the needs of the HIPAA Omnibus Rule, which requires Business Associate Agreements for any vendor or service provider who has access to PHI. They will also have the ability to standardize the way electronic PHI data is exchanged and improve security standards in order to protect confidential health care information and records. HIPAA regulations can vary depending on the institution. Because of the concern of human and financial resources, it is common for a university or college to work with a cloud service provider under a business associate agreement. Connectria’s comprehensive HIPAA Compliant Solutions include the option of hosting within our data centers or within leading public clouds such as AWS and Microsoft Azure.

If you would like to learn how Connectria can help your organization become HIPAA compliant, please contact us.



Related Resources

It’s Time to Add Social Media to Your HIPAA Compliance Checklist
Whether they’re not-for-profits or more commercially focused operations, healthcare providers are in the business of healthcare. That means they care about developing relationships with their…
Know Your Audit Reports! More Advice on Vetting Cloud Providers
In a recent post, we discussed four ways to vet a cloud provider before trusting them with your mission-critical workloads. If you missed that post,…
It’s Time to Be Honest About IT
Most people are familiar with the saying fake it until you make it. We might even be able to name people who have made it…