Revised: 03/10/2015, 10/09/2013, 06/10/2013, 04/04/2013
UT Dallas has designated itself as a Hybrid Entity as defined by the 45 CFR § 164.105. The UT Dallas healthcare component that is required to comply with the HIPAA Privacy Rule consists of:
Callier Center for Communication Disorders. The Callier Center is a health care provider, as defined by 45 CFR § 160.103. The other offices designated below provide services to the Callier Center which require access to protected health information (PHI) maintained on behalf of the Callier Center. For purposes of this manual, references to the Callier Center include all other offices providing support and service to the Callier Center.
The Office of the University Attorney. The University Attorney provides legal counsel and representation to the University that may require access to PHI held by the Callier Center or by other University Offices on behalf of the Center. To the extent that the Center or other University offices require representation or counsel from the University Attorney that requires disclosure or maintenance of Callier Center PHI, the University Attorney, and the staff reporting to the University Attorney who require access to Callier Center PHI to provide support services to the University Attorney, are designated as a Business Associate of the Callier Center.
The Office of lnformation Security. The University’s Information Security Officer serves as the University’s HIPAA Security Officer. To the extent that the Security Officer and designated staff need access to records that contain PHI within Callier, as well as Callier Center PHI maintained by other offices outside of Callier that perform services for it as its Business Associates, to ensure that all such PHI is being maintained confidentially and securely as required by HIPAA and to perform other Information Security duties, the Office of Information Security is designated as a Business Associate of the Callier Center.
The Office of Procurement Management. Employees of Accounts Payable within this Office receive, reconcile, and process invoices for reimbursements for Callier which require these employees to access Callier Center PHI. To the extent that its employees require access to or maintain Callier Center PHI to perform invoicing services, the Office of Procurement Management is designated a Business Associate of the Callier Center.
The Office of Information Resources. This Office provides technical support for the information technology infrastructure of the University, including Callier. To the extent that Information Resources requires access to the Callier Center’s PHI in its databases and information technology applications in order to support information resource services to Callier, the Office of lnformation Resources is designated as a Business Associate of the Callier Center.
The Office of Budget and Finance. Employees within the Accounting and Budget departments require access to Callier Center PHI to perform account reconciliations and other business functions on behalf of Callier. To the extent the Office requires access to or maintains Callier Center PHI, the Office of Budget and Finance is designated as a Business Associate of the Callier Center.
The Office of Internal Audit. The University’s internal auditors require access to PHI maintained inside and outside of Callier to ensure that the University offices are providing audit and assurance services to UT Dallas, and helping enhance operations, governance, risk management, and control processes. To the extent certain auditors must access Callier Center PHI for this purpose, the Office of Internal Audit is designated as a Business Associate of the Callier Center.
The Office of Institutional Compliance. The University’s compliance personnel facilitate compliance training, assist compliance programs in UT Dallas designated high-risk areas to ensure sufficient monitoring, training and reporting are in place, and assist the University to comply with federal, state, and local policies and procedures. To the extent that the Office requires access to Callier Center PHI for these purposes, the Office of Institutional Compliance is designated as a Business Associate of the Callier Center.
The Office of Environmental Health and Safety. The University’s records manager, who is part of Environmental Health and Safety, is responsible for maintaining the University’s records in accordance with the University’s records retention policies and applicable law. The records manager requires access to Callier Center PHI, including PHI that is maintained by University Offices as Business Associates of Callier, currently stored in paper format to ensure proper handling and disposition of such records. To the extent the records manager requires access to Callier Center PHI for this purpose, the Office of Environmental Health and Safety is designated as a Business Associate of the Callier Center.
The Office of Advancement. The HIPAA Privacy Standards permit a Covered Entity to use patient demographic information, health insurance status, date of patient healthcare services, general department providing the services, treating provider information, and general outcome information for the purpose of contacting patients or a patient’s personal representative to conduct fundraising activities. To the extent that it requires access to this PHI from the Callier Center for the fundraising purposes permitted by the HIPAA Privacy Standards, and subject to the restrictions provided by the HIPAA Privacy Standards and this Manual, the Office of Development and Alumni Relations is designated as a Business Associate of the Callier Center.
The Office of Strategic Planning and Analysis. The Office of Strategic Planning and Analysis (OSPA) provides support to the University through effective planning, institutional research and evaluation. Such support includes gathering information and data maintained within the University’s Financial Management Solution (FMS) system at the request of other offices and departments within the UT Dallas health care component. The information included within FMS may include Protected Health Information (PHI). To the extent OSPA requires access to PHI from the Callier Center for the institutional purposes set forth in this paragraph, the Office of Strategic Planning and Analysis is designated as a Business Associate of the Callier Center.
All members of the UT Dallas Workforce employed within the health care component are required to be familiar with and comply with this manual as well as HIPAA Privacy and Security Rules, the Breach Rule and any other requirement applicable to a HIPAA Covered Entity.
Reviewed and Approved: 06/09/2015
Donise Pearson, HIPAA Privacy Officer
UT Dallas Callier Center