Public Health's Covered Entity Status under HIPAA

The Department of Public Health (MDPH) is a Hybrid Entity

The Department determined that it is a hybrid entity, a covered entity whose business activities include both covered and non-covered functions under HIPAA. Only the programs that engage in covered functions are required to comply with HIPAA's privacy, security, and transactions and code sets requirements. However, programs that do not engage in covered functions must still comply with the Department's Confidentiality Policy and Procedures.

Documents

A detailed description of the Department's hybrid status includes answers to several questions related to this status, as well as the impact of HIPAA on MDPH's public health responsibilities.

Additional Resources

Contact   for Public Health's Covered Entity Status under HIPAA

Phone

General inquiries relating to Privacy & Confidentiality at the Department of Public Health

Address

Department of Public Health, Privacy & Data Compliance Office (PDCO)
250 Washington St., 2nd floor, Boston, MA 02108-4619

Help Us Improve Mass.gov  with your feedback

Please do not include personal or contact information.
Feedback