Previously, The University of Texas System Administration designated itself as a “Hybrid Entity” for purposes of Title 2 of the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, 1996, as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the Privacy and Security Regulations at 45 CFR §§ 160 and 164 (hereinafter
collectively, “HIPAA”). 1
A single legal entity that otherwise qualifies as a hybrid entity must designate a component or combination of components as its HIPAA Health Care Components in accordance with 45 C.F.R. §§ 164.103 and 164.105(a)(2)(iii)(D). A HIPAA Health Care Component is a component of the single legal entity that would meet the definition of a HIPAA Covered Entity 2 if it were a separate entity; or an office within the Hybrid Entity that accesses Protected Health Information of an office that is a Health Care Component for the purpose of providing services to the Health Care Component. Pursuant to amendments of the HIPAA Privacy Standards which require compliance by September 23, 2013, The University of Texas System Administration has revised its HIPAA Health Care Component as
This document serves as the written designation of the Health Care Components of The University of Texas System Administration required by 45 C.F.R 164.504(c)(3)(iii). This revised designation shall become effective as of February 1, 2017 and supersedes the previous designation that took effect September 1, 2013.
1 The Privacy Standards define a hybrid entity at 45 C.F.R. § 164.103 as a single legal entity: (1)
that is a covered entity; (2) whose business activities include both covered and non-covered
functions; and (3) that designates health care components in accordance with paragraph §
2 A Covered Entity is a health care provider that maintains or transmits any health information in
electronic form, a health plan or a health care clearinghouse.
3 The System institutions which are HIPAA Covered Entities are its six health science institutions.
The System institutions that are HIPAA Hybrid Entities are The University of Texas at Austin and
The University of Texas at Dallas. In addition, The University of Texas at Arlington was a Hybrid
Entity but has ceased providing services that rendered it a Hybrid Entity. However, it continues to
maintain some records that contain Protected Health Information that is subject to HIPAA.