Blog September 26, 2016

Student Health and HIPAA Compliance on College Campuses

Health Insurance Portability and Accountability Act (HIPAA) regulations are commonly associated with health care and health plan providers. However, HIPAA applies to all covered entities, hybrid entities and business associates, including some universities and colleges that provide student health care services and have access to protected health information (PHI).

Enactment of federal legislation, such as the Family Education Rights and Privacy Act (FERPA) and HIPAA, has significantly changed how colleges maintain and release student records. These laws regulate who controls disclosure records and regulates the ability to amend the records by students or parents. This means that university administrators must balance federal and state laws in order to protect student and faculty privacy.

Because an academic health center might conduct electronic transactions as well as exchange PHI, colleges and the health center are considered covered entities. However, they can also elect to be a hybrid entity. To do this, the college designates the health care components within the organization. The health care components would include any department that meets the definition of a covered entity; health plans, health care clearinghouses, and health care providers who electronically transmit any health information with transactions. Therefore, HIPAA regulations would only apply to the health care components.

Colleges with medical or dental schools or affiliated hospitals are concerned about the human and financial resources that must be allocated to achieve compliance with HIPAA because they deliver health care services in numerous ways. Many colleges provide health care in hospitals, clinics, and student health centers, or through affiliated faculty practices that provide patient care.

With the help of HIPAA compliant managed hosting from a business associate, colleges can face the ever-changing HIPAA compliance requirements as well as meet the needs of the HIPAA Omnibus Rule, which requires Business Associate Agreements for any vendor or service provider who has access to PHI. They will also have the ability to standardize the way electronic PHI data is exchanged and improve security standards in order to protect confidential health care information and records. HIPAA regulations can vary depending on the institution. Because of the concern of human and financial resources, it is common for a university or college to work with a cloud service provider under a business associate agreement. Connectria’s comprehensive HIPAA Compliant Solutions include the option of hosting within our data centers or within leading public clouds such as AWS and Microsoft Azure.

If you would like to learn how Connectria can help your organization become HIPAA compliant, please contact us.



Related Resources

Do I Need to Comply With HIPAA/HITECH Privacy Rules?
In 2009, the U.S. Congress passed The Health Information Technology for Economic and Clinical Health (HITECH) Act as part of the American Recovery and Reinvestment…
What ISVs Need to Know About Hosting SaaS Apps in Healthcare
As reported in the HIPAA Journal, the HHS has issued a clarification statement for when business associates can be fined for non-compliance. If you are…
Your Crash Course on Security in the Cloud (and of the Cloud)
You’ve no doubt realized by now that cybercrime isn’t going away anytime soon. What you might not know is that approximately 43 percent of all…