The Department determined that it is a hybrid entity, a covered entity whose business activities include both covered and non-covered functions under HIPAA. Only the programs that engage in covered functions are required to comply with HIPAA's privacy, security, and transactions and code sets requirements. However, programs that do not engage in covered functions must still comply with the Department's Confidentiality Policy and Procedures.
Documents
A detailed description of the Department's hybrid status includes answers to several questions related to this status, as well as the impact of HIPAA on MDPH's public health responsibilities.
Additional Resources
Contact for Public Health's Covered Entity Status under HIPAA
Phone
General inquiries relating to Privacy & Confidentiality at the Department of Public Health