Hybrid Covered Entity Designation

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) permits an organization that engages in both HIPAA covered and non-covered functions to designate itself as a hybrid covered entity.  As a hybrid covered entity, the organization is permitted to place areas which engage in activities regulated under HIPAA into a health care component.  The areas inside the health care component must follow HIPAA regulations; however, the areas which are outside the health care component are not bound by HIPAA regulations. 


The University of Louisville has designated itself as a hybrid covered entity.  The following areas have been designated to be within the University of Louisville health care component. 

*  Department of Athletics - subdivision which processes the level-funded insurance plan offered to student athletes

*  Department of Audit Services

*  Department of Environmental Health & Safety

*  Department of Risk Management

*  Department of University Advancement/Development – subdivision which performs fundraising activities

*  Human Resources - subdivisions which process employee health plan (e.g. Benefits; includes the Get Healthy Now program until its’ expiration on 12/31/20 )

*  Information Security Office

*  Information Technology Department

*  Office of Communications & Marketing

*  Office of Finance/Controller – subdivisions of the Controller’s Office which process health care related payments

*  Office of University Counsel

*  Procurement Services - ProCard Staff only

*  School of Dentistry and affiliated Institutes and Centers

*  School of Medicine and affiliated Institutes and Centers (includes Campus Health and the Prevention, Education, and Advocacy on Campus and in the Community (PEACC) Program; excludes all research activities; NOTE:  Student data is governed by FERPA regulations)

*  School of Nursing

 University Archives & Records – the subdivision which handles and/or stores protected health information

*  University Integrity & Compliance Office

*  University Privacy Office.


Revised/Reviewed May 26, 2022