Jump to Footer

Health Insurance Portability & Accountability Act (HIPAA)

SUNY Plattsburgh has designated itself to be a hybrid entity, i.e., a single legal entity that is a covered entity and whose covered functions are not its primary functions.

HIPAA rules provide federal protections for patient health information held by Covered Entities and Business Associates. HIPAA gives patients many rights with respect to their health information.

As a hybrid entity, SUNY Plattsburgh must comply with healthcare privacy laws, such as the Health Insurance Portability and Accountability Act (HIPAA) when performing covered functions. Those units performing covered functions are committed to providing quality health care services which includes respecting participants’ rights to maintain the privacy of their health information and ensuring appropriate security of all protected health information.

What is HIPAA?

HIPAA is federal law that sets the standards for protecting protected health information. HIPAA provides portability of health insurance Title I of the HIPAA protects health insurance coverage for workers and their families when they change or lose their jobs. It also protects consumer rights, improve efficiency and effectiveness of health care delivery and reduce opportunities for fraud and abuse.

Title II, the Administrative Simplification of the HIPAA, requires the Department of Health and Human Services to establish national standards for electronic health care transactions and national identifiers for providers, health plans, and employers. It also addresses the security and privacy of health data.

Where Does HIPAA Apply on Campus?

The following units perform covered functions:

  • Center for Neurobehavioral Health
  • Speech and Hearing Center
  • Student Health and Counseling Center

HIPAA applies to the protected health information (PHI) of non-students receiving services from one of our covered units. An impact analysis conducted for SUNY Plattsburgh included the assessment of all campus functions to determine these covered functions. Computer systems, policies, procedures and processes were assessed for each of these areas.

Student records created and maintained by the Student Health and Counseling Center, including immunization information, are considered part of the student’s education record and are protected from disclosure under FERPA.

Learn More About FERPA

Additional Affected Units

SUNY Plattsburgh has chosen to bring the following areas into compliance with the HIPAA:

  • Athletic Training Facilities
  • Ward Hall Counseling Clinic

Student records created and maintained by the campus, including immunization information, are considered part of the student’s education record and are protected from disclosure under FERPA.

Other divisions that may perform support functions for the units performing covered functions include Administration and Finance and Academic Affairs.

Resources for Providers

HIPAA Policy Library

FERPA & HIPAA Infographic

Privacy Pointers — March 2018

Last updated Jan. 31, 2023

Back to top