| Policy Title | HIPAA Covered Function Designation Policy |
|---|---|
| Responsible Office | ITS Information Security |
| Policy Type | Legal and Compliance |
| Policy Number | 905 |
| Last Revision Date | 10/31/2024 |
Summary
91社区 designates covered functions that are required follow laws and regulations in order to protect the privacy, security, and integrity of protected health information.
Policy Statement
91社区鈥檚 President designates certain areas as covered functions employing any of the following criteria:
- An area that would meet the definition of a covered entity.
- An area that is a business associate of an external covered entity.
- An area that accesses PHI for research and/or education purposes.
Only areas designated as covered functions by 91社区 may hold HIPAA Protected Health Information, PHI.
All other areas of 91社区 will be considered non-covered functions.
The campus shall appoint a HIPAA Privacy Officer and a HIPAA Security Officer. The HIPAA Privacy and Security Officers will periodically verify the status of the covered and non-covered components. 91社区 designated covered functions will designate a HIPAA Associate to oversee compliance with HIPAA and university policies.
Each area designated as HIPAA designated function will be subject to the HIPAA Privacy and Security policies, standards and procedures established by 91社区 HIPAA Privacy and Security Officers.
Background
The Health Insurance Portability and Accountability Act of 1996 (鈥淗IPAA鈥) is a law intended to protect individually identifiable information relating to the physical or mental health of an individual, the provision of health care to the individual, or the payment for the provision of health care to the individual (鈥淧rotected Health Information鈥; or PHI). HIPAA applies to 鈥淐overed Entities,鈥 which include health plans, health care clearing houses and health care providers that conduct specified transactions electronically (鈥淐overed Entities鈥; or each a 鈥淐overed Entity鈥 and their business associates.)
The State University of New York (SUNY) is the covered entity for HIPAA purposes. SUNY is designated as a hybrid entity under HIPAA. SUNY is comprised of activities that are not components covered under HIPAA and designated covered functions covered under HIPAA.
91社区 as a component of SUNY may designate campus covered functions as part of the SUNY hybrid entity. HIPAA requirements apply only to the 91社区 University HIPAA designated covered functions.
Applicability
This policy applies to all 91社区 PHI data regardless of its form or location.
Contact Information
Michael Behun
HIPAA Privacy Officer
HIPAA Security Officer
Chief Information Security Officer
behun@binghamton.edu
| Date | Description | Responsible Party |
| 10/31/2024 | Bi-annual review conducted. No changes. | ITS Information Security |