The University of Nebraska is committed to protecting the privacy and security of health information, as mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH). HIPAA and HITECH establish national standards for protecting the privacy and security of health information and define specific rights for individuals with respect to their health information.
The University of Nebraska has declared itself a hybrid entity. A hybrid entity is a covered entity that engages in both covered and non-covered functions. Once a component of the University becomes a covered component (for example, because it is a provider component and it transmits health information electronically in connection with one or more standard transactions), the component becomes subject to the mandates of the Privacy Rule.
The President of the University of Nebraska is authorized to and shall be responsible for designating and documenting the covered and non-covered components of the University. Although the University as a hybrid covered entity remains responsible for oversight, compliance, and enforcement obligations, the HIPAA Privacy Rule requirements apply only to the covered components designated by the University. Please contact one of the individuals below if you have any questions regarding HIPAA compliance or whether institutional, research, or other data is protected by the HIPAA Privacy Rule and the Security Rule.
Affiliated Covered Entity Arrangement
The University of Nebraska Medical Center (a covered component of the University) participates in an Affiliated Covered Entity arrangement with The Nebraska Medical Center, University Dental Associates, Bellevue Medical Center, LLC, and Nebraska Pediatric Practice, Inc. for the purpose of assuring coordinated HIPAA compliance across these affiliated entities.