News for Public Officials and the People They Serve
HIPAA Solutions

Get the newsletter

Related Articles
School Districts and HIPAA - What Are The Compliance Risks?
County Posts Private Medical Data Online
HIPAA Privacy Regulations Impact Schools & Local Government Entities
Ft. Bend County Balks at Release of HIPAA Audit
HIPAA Privacy Regulations Impact Schools & Local Government Entities

New Technology Promises Easier Compliance with Federal Privacy Law
Need Legal Help? Use the LegalMatch Priority Service to Find Pre-screened Lawyers in Your Area Now!
HIPAA Privacy Regulations Impact Schools & Local Government Entities

Compliance with the Federal Health Information Portability & Accountability Act (HIPAA) is required of many public entities, including school districts and other local government entities such as counties or cities, if "Protected Health Information" (PHI) is involved in operations. The HIPAA regulations specifically mention schools and universities in section 45 CFR 160.103 of the HIPAA Privacy Rule along with "health care providers" and "insurers" as organizations that "create and receive protected health information."

In addition, the Texas Health and Safety Code clearly addresses the relation of HIPAA to government and schools:

"Section 181.001 DEFINITIONS. (a) Unless otherwise defined in this chapter, each term that is used in this chapter has the meaning assigned by the Health Insurance Portability and Accountability Act and Privacy Standards. (b) In this chapter: (1) "Commissioner" means the commissioner of health and human services. (2) "Covered entity" means any person who: (A) for commercial, financial, or professional gain, monetary fees, or dues, or on a cooperative, nonprofit, or pro bono basis, engages, in whole or in part, and with real or constructive knowledge, in the practice of assembling, collecting, analyzing, using, evaluating, storing, or transmitting protected health information. The term includes a business associate, health care payer, governmental unit, information or computer management entity, school, health researcher, health care facility, clinic, health care provider, or person who maintains an Internet site; (B) comes into possession of protected health information; (C) obtains or stores protected health information under this chapter; or (D) is an employee, agent, or contractor of a person described by Paragraph (A), (B), or (C) insofar as the employee, agent, or contractor creates, receives, obtains, maintains, uses, or transmits protected health information. (3) "Health Insurance Portability and Accountability Act and Privacy Standards" means the privacy requirements in existence on August 14, 2002, of the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996 (Pub. L. No. 104-191) contained in 45 C.F.R. Part 160 and 45 C.F.R. Part 164, Subparts A and E."

A school district may handle PHI in several areas of operations including nursing, special education, counseling, athletics, safety or human resources and the PHI related to school districts can involve both students and employees. It is important to understand that the HIPAA regulations impact far more areas than group health plans in many organizations.

Get the News for Public Officials newsletter

Sign Up For HIPAA Compliance Email Alerts




The content of this Alert is for informational purposes and not intended as legal advice.