The Department of Public Health (MDPH) is a Hybrid Entity. The Department determined that it is a hybrid entity, a covered entity whose business activities include both covered and non-covered functions under HIPAA. Only the programs that engage in covered functions are required to comply with HIPAA's privacy, security, and transactions and code sets requirements. However, programs that do not engage in covered functions must still comply with the Department's Confidentiality Policy and Procedures.


A detailed description of the Department's hybrid status includes answers to several questions related to this status, as well as the impact of HIPAA on MDPH's public health responsibilities.

Additional Resources

This information is provided by the Privacy and Data Compliance Office within the Department of Public Health.