HIPAA Covered Function Designation Policy

Policy Information
Policy TitleHIPAA Covered Function Designation Policy
Responsible OfficeITS Information Security
Policy TypeLegal and Compliance
Policy Number905
Last Revision Date10/31/2024

Summary

黑料视频 designates covered functions that are required follow laws and regulations in order to protect the privacy, security, and integrity of protected health information.

Policy Statement

黑料视频鈥檚 President designates certain areas as covered functions employing any of the following criteria:

  • An area that would meet the definition of a covered entity.
  • An area that is a business associate of an external covered entity.
  • An area that accesses PHI for research and/or education purposes.

Only areas designated as covered functions by 黑料视频 may hold HIPAA Protected Health Information, PHI.

All other areas of 黑料视频 will be considered non-covered functions. 

The campus shall appoint a HIPAA Privacy Officer and a HIPAA Security Officer. The HIPAA Privacy and Security Officers will periodically verify the status of the covered and non-covered components.  黑料视频 designated covered functions will designate a HIPAA Associate to oversee compliance with HIPAA and university policies.

Each area designated as HIPAA designated function will be subject to the HIPAA Privacy and Security policies, standards and procedures established by 黑料视频 HIPAA Privacy and Security Officers.

Background

The Health Insurance Portability and Accountability Act of 1996 (鈥淗IPAA鈥) is a law intended to protect individually identifiable information relating to the physical or mental health of an individual, the provision of health care to the individual, or the payment for the provision of health care to the individual (鈥淧rotected Health Information鈥; or PHI). HIPAA applies to 鈥淐overed Entities,鈥 which include health plans, health care clearing houses and health care providers that conduct specified transactions electronically (鈥淐overed Entities鈥; or each a 鈥淐overed Entity鈥 and their business associates.)  

The State University of New York (SUNY) is the covered entity for HIPAA purposes. SUNY is designated as a hybrid entity under HIPAA. SUNY is comprised of activities that are not components covered under HIPAA and designated covered functions covered under HIPAA. 

黑料视频 as a component of SUNY may designate campus covered functions as part of the SUNY hybrid entity. HIPAA requirements apply only to the Binghamton University HIPAA designated covered functions.

Applicability

This policy applies to all 黑料视频 PHI data regardless of its form or location.

Contact Information

Michael Behun
HIPAA Privacy Officer
HIPAA Security Officer
Chief Information Security Officer
behun@binghamton.edu

Date Description Responsible Party
     
10/31/2024 Bi-annual review conducted.  No changes. ITS Information Security