Hybrid Covered Entity Designation — UofL Privacy Office

The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) permits an organization that engages in both HIPAA covered and non-covered functions to designate itself as a hybrid covered entity. As a hybrid covered entity, the organization is permitted to place areas which engage in activities regulated under HIPAA into a health care component. The areas inside the health care component must follow HIPAA regulations; however, the areas which are outside the health care component are not bound by HIPAA regulations.

The University of Louisville has designated itself as a hybrid covered entity. The following areas have been designated to be within the University of Louisville health care component.

Campus Health Services (excludes the Prevention, Education, and Advocacy on Campus and in the Community (PEACC) Program and the Health Promotion Program) - subdivision of services provided to non-students
Department of Athletics - subdivision which processes the level-funded insurance plan offered to student athletes
Department of Audit Services
Department of Environmental Health & Safety
Department of Risk Management
Department of University Advancement/Development – subdivision which performs fundraising activities
Human Resources - subdivisions which process employee health plan (e.g., Benefits; Total Rewards program)
Information Security Compliance Office
Information Technology Services
Office of Communications & Marketing
Office of Finance/Controller – subdivisions of the Controller’s Office which process health care related payments
Office of University Counsel
Procurement Services – ProCard staff only
School of Dentistry and affiliated Institutes and Centers (includes research activities)
School of Medicine – clinics/divisions listed below (NOTE: excludes research activities and clinics/physician practices that are owned/operated by University of Louisville Health)

Dept of Pathology - Forensic Pathology
Division of Infectious Disease - 550 Clinic
Division of Infectious Disease - International Travel, Refugee Health & Immunization
Division of Infectious Disease - University of Louisville Infectious Disease Laboratory
Division of Infectious Disease - Civil Surgeon Clinic

University Archives & Records – the subdivision which handles and/or stores protected health information
University Integrity & Compliance Office
University Privacy Office

Revised/Reviewed January 2023

Privacy/Security Training

Privacy & Security training can be completed as a group through interactive, live training sessions or individually via online training modules.

Contact the Privacy Office for further information or to schedule a training session.

Stacie McCutcheon, MA, CHPC, CCEP
Privacy Officer

UofL Privacy Office
215 Central Avenue, Suite 205
Louisville, KY 40208
Phone: 502-852-3803
Email: privacy@louisville.edu