Skip to main content

UNC Health HIPAA Policies are Applicable to the UNC School of Medicine (UNC SOM)


The UNC Health HIPAA policies have been prepared for the purpose of ensuring compliance with Sections 261 through 264 of the federal Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (HIPAA), as modified in the Health Information Technology for Economic and Clinical Health Act (HITECH), and its implementing regulations at 45 CFR Parts 160 and 164, as the same may be amended from time to time (the HIPAA Security, Breach Notice, and Privacy Rules), all of which are collectively referred to herein as HIPAA.


Each UNC Health Affiliate is also independently a Covered Entity or a HIPAA covered component under HIPAA. UNC Health and the UNC SOM have designated themselves as an Affiliated Covered Entity (ACE), as sent forth in 45 CFR §§ 164.103 and 164.105(b), which means that they are considered a single Covered Entity for HIPAA compliance purposes. This designation allows the UNC Health ACE members to share a common set of HIPAA policies, procedures and forms, and also impacts the sharing of protected health information (PHI) among the members. The UNC SOM, as a member of the UNC Health ACE, has adopted the UNC Health HIPAA policies and procedures for the purposes of HIPAA compliance.

Throughout the UNC Health HIPAA policies and procedures, the members and affiliates of UNC Health are sometimes collectively referred to as UNC Health entities. Some members or affiliates of UNC Health are agencies of the State of North Carolina or its subdivisions, but others are not. Use of the UNC Health entity term of reference in no way relates to, implies, or designates a member or affiliate of UNC Health as an agency of the State of North Carolina or its subdivisions pursuant to N.C. Gen. Stat. § 116-37 or any other applicable law. The term is solely used for convenience.