Privacy Rule refers to the Standards for Privacy of Individually
Identifiable Health Information which is set forth in 45 CFR
160 and 164. The regulation was published on December 28, 2000.
Part 160 was amended on May 31, 2002, and Parts 160 and 164
amended on August 14, 2002. The date on which covered entities
must be in compliance with the Privacy Rule, also called the
date, is April 14, 2003.
Protected Health Information (PHI) means
individually identifiable health information that is created
or received by or on behalf
the covered entity (defined below). PHI excludes individually
identifiable health information that is an education record
covered by the Family
Educational Rights and Privacy Act (FERPA).
If you are both a clinician or health care provider and a researcher,
any information you create or receive that is incidental to
role as a health care provider is PHI.
Individual, as used in this document, refers to the person
who is the subject of PHI.
Research means a systematic investigation, including research
development, testing, and evaluation, designed to develop or
contribute to generalizable
Covered entity means an entity that is subject to the
HIPAA regulations, typically in our context a provider
Marquette University is a "hybrid entity" with
seven separate health care components, each of which
is a "covered entity" and
therefore subject to the regulations.
Care Provider Units are:
- School of Dentistry
- College of Nursing
- College of Health Sciences - departments
of Speech Pathology and Audiology
- Department of Counseling
and Educational Psychology
- Department of Psychology
- Student Health Service
- Counseling Center
HIPAA requires these units of the University
take special care to protect individually identifiable health
to report certain disclosures and use of that