FAQ: COVID-19 and HIPAA   (Updated April 17, 2020)

The Health Information Privacy & Compliance Office is responsible for ensuring that individually identifiable health information is handled appropriately across the entire University.

HIPAA at the University of Minnesota

The University of Minnesota is committed to ensuring appropriate security of all individually identifiable health information and providing quality health care which includes respecting patients' and research participants' rights to maintain the privacy of their health informationn. The regulations governing the requirements of for patient health information are described in the federal law known as the Health Insurance Portability and Accountability Act (HIPAA). This web site provides information and guidance on the policies and procedures related to HIPAA compliance at the University of Minnesota.

The University is considered a "hybrid entity" under HIPAA, which means that some parts of the University are subject to HIPAA and others are not.  The University's health plans, its health care provider services, and those that may access PHI to support the plans or health care provider services are subject to HIPAA.  The areas that make us the University's hybrid entity are sometimes referred to as the University's "health care components."  Areas outside of the University's health care components may also be subject to HIPAA if they act as a "business associate" of an organization that is subject to HIPAA.

M Health

The University of Minnesota, Fairview, and the University of Minnesota Physicians have worked together for many years to provide patient care, conduct research and train the next generation of health care professionals. They operate together under the banner M Health.   

Under HIPAA, these three organizations make up an Organized Health Care Arrangement (OHCA). As members of an OHCA, these organizations are allowed to share PHI with one another in order to manage their joint operations.