Definitions
Privacy Rule refers to the Standards for Privacy of Individually
Identifiable Health Information which is set forth in 45 CFR
Parts
160 and 164. The regulation was published on December 28, 2000.
Part 160 was amended on May 31, 2002, and Parts 160 and 164
were
amended on August 14, 2002. The date on which covered entities
must be in compliance with the Privacy Rule, also called the
compliance
date, is April 14, 2003.
Protected Health Information (PHI) means
individually identifiable health information that is created
or received by or on behalf
of
the covered entity (defined below). PHI excludes individually
identifiable health information that is an education record
covered by the Family
Educational Rights and Privacy Act (FERPA).
If you are both a clinician or health care provider and a researcher,
any information you create or receive that is incidental to
your
role as a health care provider is PHI.
Individual, as used in this document, refers to the person
who is the subject of PHI.
Research means a systematic investigation, including research
development, testing, and evaluation, designed to develop or
contribute to generalizable
knowledge.
Covered entity means an entity that is subject to the
HIPAA regulations, typically in our context a provider
of health
care services.
Marquette University is a "hybrid entity" with
seven separate health care components, each of which
is a "covered entity" and
therefore subject to the regulations.
Marquette's Health
Care Provider Units are:
- School of Dentistry
- College of Nursing
- College of Health Sciences - departments
of Speech Pathology and Audiology
- Department of Counseling
and Educational Psychology
- Department of Psychology
- Student Health Service
- Counseling Center
HIPAA requires these units of the University
take special care to protect individually identifiable health
information and
stand ready
to report certain disclosures and use of that
information.
