UMass Amherst is a "hybrid entity" with respect to HIPAA regulations. What does this mean?

The Privacy Rule (HIPAA) classifies organizations that generate, use, or need access to protected health information (PHI) into several different organizational formats. These include:

  • Hybrid entity
  • Affiliated covered entity
  • Organized health care arrangement (covered entity)

A "hybrid entity" is an organization that includes one or more "covered entities" (i.e. entities covered by HIPAA) plus has other parts of the organization that are not healthcare providers, health plans, payers, clearing houses, and do not process health data electronically and thus are not covered by HIPAA. UMass Amherst as a whole is a hybrid entity.

FAQ Topic: