UNC Health Care System (UNCHCS) HIPAA Policies are Applicable to the UNC School of Medicine (UNC SOM)


The UNCHCS HIPAA policies have been prepared for the purpose of ensuring compliance with Sections 261 through 264 of the federal Health Insurance Portability and Accountability Act of 1996, Public Law 104-191 (HIPAA), as modified in the Health Information Technology for Economic and Clinical Health Act (HITECH), and its implementing regulations at 45 CFR Parts 160 and 164, as the same may be amended from time to time (the HIPAA Security, Breach Notice, and Privacy Rules), all of which are collectively referred to herein as HIPAA.


Each UNCHCS Affiliate is also independently a Covered Entity or a HIPAA covered component under HIPAA. UNCHCS and the UNC SOM have designated themselves as an Affiliated Covered Entity (ACE), as sent forth in 45 CFR §§ 164.103 and 164.105(b), which means that they are considered a single Covered Entity for HIPAA compliance purposes. This designation allows the UNCHCS ACE members to share a common set of HIPAA policies, procedures and forms, and also impacts the sharing of protected health information (PHI) among the members. The UNC SOM, as a member of the UNCHCS ACE, has adopted the UNCHCS HIPAA policies and procedures for the purposes of HIPAA compliance.

Throughout the UNCHCS HIPAA policies and procedures, the members and affiliates of the UNCHCS are sometimes collectively referred to as UNCHCS entities. Some members or affiliates of the UNCHCS are agencies of the State of North Carolina or its subdivisions, but others are not. Use of the UNCHCS entity term of reference in no way relates to, implies, or designates a member or affiliate of the UNCHCS as an agency of the State of North Carolina or its subdivisions pursuant to N.C. Gen. Stat. § 116-37 or any other applicable law. The term is solely used for convenience.

*Note: All references to UNC HCS within these policies and procedures are synonymous with UNCHCS.