Public Health's Covered Entity Status under HIPAA

The Department of Public Health (MDPH) is a Hybrid Entity

The Department determined that it is a hybrid entity, a covered entity whose business activities include both covered and non-covered functions under HIPAA. Only the programs that engage in covered functions are required to comply with HIPAA's privacy, security, and transactions and code sets requirements. However, programs that do not engage in covered functions must still comply with the Department's Confidentiality Policy and Procedures.


A detailed description of the Department's hybrid status includes answers to several questions related to this status, as well as the impact of HIPAA on MDPH's public health responsibilities.

Additional Resources for Documents


Did you find the information you were looking for on this page? * required
We use your feedback to help us improve this site but we are not able to respond directly. Please do not include personal or contact information. If you need a response, please locate contact information elsewhere on this page or in the footer.
Tell us what you think