HIPAA Designation



Georgia Institute of Technology (“GIT”) is a unit of the Board of Regents of the University System of Georgia (the “USG”).  The USG engages in covered functions as defined by the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191, 45 C.F.R. §§ 160, 162 and 164), as amended by the Health Information Technology for Economic and Clinical Health Act of 2009 (Public Law 111-5)(hereinafter, collectively, “HIPAA”).  Because some portions of the USG are not engaged in covered functions (see 45 C.F.R. §164.103), the USG has designated itself as a hybrid entity as defined by HIPAA (see 45 C.F.R. §164.103) (hereinafter, the “USG Hybrid Entity”).  Any portion of the USG engaged in a covered function or performing business associate activities (see 45 C.F.R. §160.103) for another component of the USG engaged in a covered function, as those terms are defined by HIPAA, is deemed by the USG to be a part of the health care component (the “Health Care Component”) of the USG Hybrid Entity.  Each USG institution is responsible for identifying the components, business units, colleges or schools that are a part of such Health Care Component.  

GIT, as a unit of the USG, hereby designates the following components of GIT that are part of the USG Hybrid Entity Health Care Component, and are required to comply with any applicable HIPAA regulations:

  • Stamps Health Services
  • Enterprise Data Management (“EDM”)
    • EDM is a unit within the Finance and Planning organization of Administration and Finance.  In order to expand capacity at Stamps Health Services, EDM will serve in a business associate role as a Health Care Component of the USG Hybrid Entity for the limited purposes of: (i) data aggregation and analysis in direct support of GIT’s COVID-19 testing program; and (ii) data aggregation, analysis and integration in direct support of GIT's COVID-19 vaccine program.

NOTE:  Protected Health Information (PHI) excludes student education records and treatment records maintained by GIT as defined and covered by the Family Educational Rights and Privacy Act (FERPA), as amended (20 U.S.C. 1232(g)) and employment records maintained by a covered entity, including a hybrid entity, in its role as an employer.  (See 45 C.F.R. § 160.103).  Also specifically excluded is any individually identifiable health information received by GIT pursuant to the conduct of research.