PROBLEM WITH THIS WEBPAGE?
Report an accessibility problem
To report another problem, please contact brandon.richardson@marquette.edu.
Marquette University is an institution of higher education. As part of its educational mission, Marquette has components whose activities include health care provider functions covered by HIPAA as well as many functions unrelated to the provision of health care. HIPAA permits institutions like Marquette to designate the health care providing and supporting components of its operations as subject to Privacy Rule compliance and to exclude the unrelated components from compliance. The Privacy Rules call this a hybrid entity.
The HIPAA covered components are those components of Marquette that either: 1) perform covered health care functions; or 2) conduct business activities (so-called "business associate" functions) that support those health care functions. Marquette retains the overall responsibility for ensuring compliance with the Privacy Rules and for implementing safeguards to ensure against the improper use or disclosure of your personal health information within Marquette, such as establishing firewalls, so that the non-covered components do not improperly have access to your protected personal health information. For most practical purposes, the Privacy Rules treat only the health care component and identified business function components as the "covered entity" and the remaining organization as if it were a separate uncovered entity. The health care components are generally prohibited from sharing protected health information with the larger organization unless the disclosure has been authorized by the individual or is otherwise permitted by the regulation.
Marquette University designates the following units as the segments of its organization that comprise the health care components.
The above Health Care Provider and Business Associate Function Units comprise the designated Marquette University covered hybrid entity. All administrators, faculty, staff, and students of the University in those designated units are obligated to comply with this University Policy and the various additional policies and procedures promulgated for their unit. Failure to do so can result in significant fines to the University, and employee or academic disciplinary action for those not complying. Covered individuals that violate HIPAA Privacy Policies and Procedures, Privacy Rules, or other applicable federal or state privacy law will be subject to disciplinary action, possibly up to and including termination of employment or dismissal from their academic program pursuant to established disciplinary policies.