HIPAA Hybrid Entity Designation

Document Description

Previously, The University of Texas System Administration designated itself as a “Hybrid Entity” for purposes of Title 2 of the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, 1996, as amended by the Health Information Technology for Economic and Clinical Health (HITECH) Act, and the Privacy and Security Regulations at 45 CFR §§ 160 and 164 (hereinafter
collectively, “HIPAA”). 1
 
A single legal entity that otherwise qualifies as a hybrid entity must designate a component or combination of components as its HIPAA Health Care Components in accordance with 45 C.F.R. §§ 164.103 and 164.105(a)(2)(iii)(D). A HIPAA Health Care Component is a component of the single legal entity that would meet the definition of a HIPAA Covered Entity if it were a separate entity; or an office within the Hybrid Entity that accesses Protected Health Information of an office that is a Health Care Component for the purpose of providing services to the Health Care Component. Pursuant to amendments of the HIPAA Privacy Standards which require compliance by September 23, 2013, The University of Texas System Administration has revised its HIPAA Health Care Component as
follows: 

  • The Office of Employee Benefits (“OEB”) to the extent that it performs covered functions as the administrator of the self-funded group health plans that EGI makes available to the employees of The University of Texas System pursuant to the Uniform Insurance Benefit Act for Employees of the University System and the Texas A&M System, Texas Insurance Code Chapter 1601;
  • The Office of Employee Services, to the extent that it performs covered functions on behalf of the self-funded group health plans that EGI makes available to the employees of The University of Texas System institutions (System institutions);
  • The Office of General Counsel, which performs covered functions on behalf of the OEB and System institutions that are Covered or Hybrid Entities 3  that are required to comply with HIPAA; provides legal services to the UT System institutions that are HIPAA Covered or Hybrid Entities that require access to those institutions’ HIPAA Protected Health Information;
  • The Office of Technology and Informational Services, which performs covered functions on behalf of the self-funded group health plans that OEB makes available to the employees of The University of Texas System and the Office of General Counsel; 
  • The Audit Office, which provides services to OEB and UT System institutions that are HIPAA Covered and/or Hybrid Entities that require access to those institutions’ HIPAA Protected Health Information.
  • The Office of Systemwide Compliance, whose compliance officers provide services to OEB and the UT System institutions that are HIPAA Covered and/or Hybrid Entities that require access to those institution’s HIPAA Protected Health Information. In addition, this Office includes the Office of Systemwide Security Compliance which performs covered functions on behalf of the self-funded group health plans that OEB makes available to the employees of The University of Texas System and the Office of General Counsel, as well as services to UT System institutions that are HIPAA Covered and/or Hybrid Entities, and employs the System Administration’s HIPAA Privacy Officer.

This document serves as the written designation of the Health Care Components of The University of Texas System Administration required by 45 C.F.R 164.504(c)(3)(iii). This revised designation shall become effective as of February 1, 2017 and supersedes the previous designation that took effect September 1, 2013.


1 The Privacy Standards define a hybrid entity at 45 C.F.R. § 164.103 as a single legal entity: (1)
that is a covered entity; (2) whose business activities include both covered and non-covered
functions; and (3) that designates health care components in accordance with paragraph §
164.105(a)(2)(iii)(D).
2 A Covered Entity is a health care provider that maintains or transmits any health information in
electronic form, a health plan or a health care clearinghouse.

3 The System institutions which are HIPAA Covered Entities are its six health science institutions.
The System institutions that are HIPAA Hybrid Entities are The University of Texas at Austin and
The University of Texas at Dallas. In addition, The University of Texas at Arlington was a Hybrid
Entity but has ceased providing services that rendered it a Hybrid Entity. However, it continues to
maintain some records that contain Protected Health Information that is subject to HIPAA.

Details

Release Date

Responsible Office(s)

Employee Benefits

Document Type

HIPAA

Related

UT System Links