Division of Student Affairs
Student Life Support & Resources Leadership & Involvement Health & Wellness About Us
Student Life
Dining & Housing Stamp Student Union Student Experience & Culture Terps Learn Everywhere Events & Traditions
Support & Resources
Crisis & Immediate Support Bias Incident Reporting Dean of Students Thrive Center Accessibility & Disability Service Scholarships & Funds
Leadership & Involvement
Student Organizations Fraternity & Sorority Life Campus Employment Community Service & Learning Keep Connected
Health & Wellness
Recreation & Wellness Counseling & Mental Health Health Center Trainings & Requirements HIPAA
About Us
Our Team Departments Vision, Mission, and Values Strategic Plan Staff Development Make a Gift Contact Us
Dining & Housing Stamp Student Union Student Experience & Culture Terps Learn Everywhere Events & Traditions
Crisis & Immediate Support Bias Incident Reporting Dean of Students Thrive Center Accessibility & Disability Service Scholarships & Funds
Student Organizations Fraternity & Sorority Life Campus Employment Community Service & Learning Keep Connected
Recreation & Wellness Counseling & Mental Health Health Center Trainings & Requirements HIPAA
Our Team Departments Vision, Mission, and Values Strategic Plan Staff Development Make a Gift Contact Us

HIPAA

University Compliance with HIPAA

The University of Maryland includes units, such as the University Health Center, that provide health care to individuals, who may include students, staff, visitors, and others. It includes other units that may have access to information related to this health care because of their activities in support of the health care provider unit. It is the policy of the University that the security of health care related information and the privacy of individuals be protected to the maximum extent possible, in accordance and consistent with the Federal Health Insurance Portability and Accountability Act of 1996 (HIPAA), with other applicable statutes, and with the overall responsibility of the University to support the privacy rights and concerns of its members. This site provides information concerning the University's policies and actions in response to the Privacy and Security rules associated with HIPAA. For information please see the links on this page or contact the University Privacy Officer. Complaints should initially be directed to the office most directly involved. Unresolved complaints should be addressed to the Privacy Officer.

UMD HIPAA Policy Patient Rights and Responsibilities

Does HIPAA apply to me?

Answer the questions below to assess if you are required to be a covered entity under HIPAA. Covered entities provide health care services (physical or mental), so if you provide such services, these questions should help your determination.

1. Do you provide health care services?
2. Do you provide services to non-students?
3. Do you bill for these services?
4. Do you accept insurance

If you answered yes to all of the questions, you are likely subject to HIPAA as a covered entity.

If you answered no to any of the questions, you are not subject to HIPAA.

FAQ For Health Care Services

What UMD health care services need to be compliant with HIPAA?

Any UMD activity that provides mental or physical health care services to non-students and electronically transmits certain health information is required to be compliant with HIPAA.

Why only non-students?

In post-secondary education, the privacy of protected health information (PHI) for students is governed by the Family Educational Rights and Privacy Act (FERPA). If you want to know more about FERPA contact the Office of General Counsel (https://www.president.umd.edu/office-general-counsel).

What if I use protected health information in my research but do not provide health care services?

The use of protected health information by itself does not trigger HIPAA compliance. However, if you are acquiring protected health information from a covered entity as defined by HIPAA (e.g., a health care provider), then certain compliance requirements may apply. You should consult with the source of your protected health information, and UMD’s Office of General Counsel (https://www.president.umd.edu/office-general-counsel).

What if I provide health care services to non-students but I don’t electronically transmit health information?

It is likely you do not need to comply with HIPAA. However, the HIPAA criteria that define electronic transmissions are complex and so if you provide health care services to non-students it is safest to discuss it with the HIPAA Privacy Officer (HIPAA-Privacy@umd.edu).

The UMD HIPAA survey asks if my activity charges for health care services. Why is this important?

Charging for services can involve electronic transmission of information that might trigger HIPAA. Generally, if only cash or checks are accepted this does not trigger HIPAA. However, if you directly bill insurance plans (private and/or Medicaid/Medicare) for payment, this will require the electronic transmission of health information governed by HIPAA and compliance is required. If you charge for health care services to non-students, in any form, you should contact the HIPAA Privacy Officer (HIPAA-Privacy@umd.edu).

What programs are currently covered by HIPAA at UMD?

The University of Maryland is a Hybrid Entity under the HIPAA Privacy Rule. This means we are allowed to have covered and non-covered functions. The University Health Center is a covered entity under HIPAA. The Health Center must work with other units on campus where it might be necessary to disclose PHI to these units in order to carry out its health care function. These units are defined as business associates under HIPAA and must comply with requirements to ensure the safeguarding of protected health information. General Counsel, Chief Information Security Officer, and the HIPAA Privacy Officer are considered business associates.
Email the HIPAA Team HIPAA Privacy Officer

  

Division of Student Affairs
2108 Mitchell Building, 7999 Regents Drive, College Park, MD 20742
StudentAffairs@umd.edu 1-301-314-8428