HIPAA
The University of Nebraska is committed to protecting the privacy and security of health information, as mandated by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act of 2009 (HITECH). HIPAA and HITECH establish national standards for protecting the privacy and security of health information and define specific rights for individuals with respect to their health information.
Hybrid Entity
The University of Nebraska has declared itself a hybrid entity. A hybrid entity is a covered entity that engages in both covered and non-covered functions. Once a component of the University becomes a covered component (for example, because it is a provider component and it transmits health information electronically in connection with one or more standard transactions), the component becomes subject to the mandates of the Privacy Rule.
The President of the University of Nebraska is authorized to and shall be responsible for designating and documenting the covered and non-covered components of the University. Although the University as a hybrid covered entity remains responsible for oversight, compliance, and enforcement obligations, the HIPAA Privacy Rule requirements apply only to the covered components designated by the University. Please contact one of the individuals below if you have any questions regarding HIPAA compliance or whether institutional, research, or other data is protected by the HIPAA Privacy Rule and the Security Rule.
Affiliated Covered Entity Arrangement
The University of Nebraska Medical Center (a covered component of the University) participates in an Affiliated Covered Entity arrangement with The Nebraska Medical Center, University Dental Associates, Bellevue Medical Center, LLC, and Nebraska Pediatric Practice, Inc. for the purpose of assuring coordinated HIPAA compliance across these affiliated entities.
Contacts
University of Nebraska Medical Center
Deb Bishop
Privacy Officer
debrbishop@nebraskamed.com
402-559-5136
Lisa Bazis
Security Officer
lbazis@unmc.edu
402-559-2882
Office of the President/Non-UNMC Campuses
Drew Nielsen
Privacy Officer
dnielsen17@nebraska.edu
402-554-3715
Christopher Cashmere
Security Officer
ccashmere@nebraska.edu
402-472-1423
University of Nebraska Group Health Plan
Drew Nielsen
Privacy Officer
dnielsen17@nebraska.edu
402-554-3715
Christopher Cashmere
Security Officer
ccashmere@nebraska.edu
402-472-1423
Report an Incident
Any incident involving the possible breach of privacy of protected health information should be reported as soon as possible to the appropriate contact listed above. Alternatively, you may submit an anonymous report via the University’s EthicsPoint reporting service.
HIPAA Education & Training
Any individual, whether employed by, leased to, or a volunteer of, the University whose assigned responsibilities are to support a covered component of the University will be required to participate in and successfully complete initial and periodic HIPAA training appropriate to their responsibilities and their need for access to and use of protected health information. Inquiries and/or requests regarding HIPAA training should be directed to the applicable Privacy Officer.
Business Associate Agreements
All business associate relationships will be memorialized in business associate agreements. Business associates should be properly identified and should have access to protected health information only after giving satisfactory written contractual assurances that they will use, safeguard and disclose protected health information in accordance with their assurances. All business associate agreements for Central Administration and campuses other than UNMC shall be reviewed by the Office of the Vice President and General Counsel and signed by an authorized University signatory. Upon execution, a copy of the executed business associate agreement for Central Administration and campuses other than UNMC shall be provided to the applicable Privacy Officer. All business associate agreements for UNMC shall be reviewed according to the process set forth by UNMC and signed by an authorized University signatory. Upon execution, a copy of the executed business associate agreements for UNMC shall be provided to the applicable individual identified in UNMC processes.