Blog September 26, 2016

Student Health and HIPAA Compliance on College Campuses

Health Insurance Portability and Accountability Act (HIPAA) regulations are commonly associated with health care and health plan providers. However, HIPAA applies to all covered entities, hybrid entities and business associates, including some universities and colleges that provide student health care services and have access to protected health information (PHI).

Enactment of federal legislation, such as the Family Educational Rights and Privacy Act (FERPA) and HIPAA, has significantly changed how colleges maintain and release student records. These laws regulate who controls the disclosure of records and the ability of students or parents to amend them. This means that university administrators must balance federal and state laws in order to protect student and faculty privacy.

Because an academic health center might conduct electronic transactions as well as exchange PHI, colleges and the health center are considered covered entities. However, they can also elect to be a hybrid entity. To do this, the college designates the health care components within the organization. The health care components would include any department that meets the definition of a covered entity: health plans, health care clearinghouses, and health care providers who electronically transmit any health information in connection with transactions. HIPAA regulations would then apply only to the health care components.

Colleges with medical or dental schools or affiliated hospitals are concerned about the human and financial resources that must be allocated to achieve compliance with HIPAA because they deliver health care services in numerous ways. Many colleges provide health care in hospitals, clinics, and student health centers, or through affiliated faculty practices that provide patient care.

With the help of HIPAA-compliant managed hosting from a business associate, colleges can keep up with ever-changing HIPAA compliance requirements and meet the requirements of the HIPAA Omnibus Rule, which requires Business Associate Agreements for any vendor or service provider who has access to PHI. They will also be able to standardize the way electronic PHI data is exchanged and improve security standards in order to protect confidential health care information and records. HIPAA regulations can vary depending on the institution. Because of concerns about human and financial resources, it is common for a university or college to work with a cloud service provider under a business associate agreement. Connectria’s comprehensive HIPAA Compliant Solutions include the option of hosting within our data centers or within leading public clouds such as AWS and Microsoft Azure.

If you would like to learn how Connectria can help your organization become HIPAA compliant, please contact us.

 

 
