Jump to main content

HIPAA

Health Insurance Portability and Accountability Act

Hipaa Banner image

HIPAA Compliance at UNC

 

The Health Insurance Portability and Accountability Act (HIPAA) is designed to protect an individual's health information (referred to as "Protected Health Information" or PHI). It is also designed to restrict how PHI may be used and disclosed by health care providers, health plans, and those accessing PHI.  

What type of entity is UNC?

HIPAA applies to "covered entities," "hybrid entities," and "business associates."Covered entities are defined in the HIPAA rules as health plans, health care clearinghouses, and health care providers who electronically transmit health information. UNC is considered a "hybrid entity" under HIPAA which means that some parts of the University are subject to HIPAA and others are not. Areas that are subject to HIPAA are called "health care components". These areas may include:

  • UNC Human Resources
  • UNC Speech-Language Pathology and Audiology Clinic
  • UNC Cancer Rehab Center
  • Business Associates of the above health care components 

(The University Health Clinic is operated by a third-party vendor and so is not listed here)

Protected health information includes:

  • Information created or received by a health care provider or health plan that includes health information or health care payment information plus information that personally identifies the individual patient or plan member.

Personal identifiers include:

  • A patient's name and email, web site and home addresses; identifying numbers (including Social Security, medical records, insurance numbers, biomedical devices, vehicle identifiers and license numbers); full facial photos and other biometric identifiers; and dates (such as birth date, dates of admission and discharge, death).

What is a Breach of Confidentiality?

  • Accessing confidential information, without a "need to know". Workforce members are prohibited from accessing their own records and records of family members, relatives and others, unless access is necessary to perform assigned duties.
  • Assisting an unauthorized user to gain access to secured information
  • Disclosing confidential information without proper authorization
  • Transferring or discussing confidential information with or in the presence of individuals who do not have the "need to know" 
  • Improper disposal of PHI

If your department is considered a health care component (one of the UNC departments listed above) and you think there has been a breach of confidentiality, you are required to contact the UNC HIPAA Privacy Official immediately. 

Contact Us:
Deb Miller UNC Privacy Official
debra.miller@unco.edu
970-351-1919

To review HIPAA Policy and Procedures visit U.S. The Department of Health and Human Services (DHHS)

.

To contact a HIPAA Trainer or Privacy Official go to: CONTACT US

nursing students

North of the Norm

Contact UNC

970-351-1890
501 20th St.
Greeley, CO 80639

Social Media

About UNC

Quicklinks

Page Last Updated: Today | Contact for this Page: Deb Miller

Privacy Policy | Affirmative Action/Equal Employment Opportunity/Title IX Policy & Coordinator