Designation of the UW–Madison Health Care Component (UW HCC)

Layout for printing

Policy Number:

UW-100

Old Policy Number:

HIPAA 1.1

Responsible Office:

Office of Compliance

University Policy

Rationale/​Purpose:

HIPAA (Health Insurance Portability and Accountability Act) regulations apply to businesses and individuals in the health care industry such as health plans and health care providers. These are called “covered entities,” meaning they are ‘covered’ by HIPAA. UW–Madison is a “hybrid entity” because the campus includes both units that perform HIPAA-covered functions (such as providing health care) and units that do not. As a hybrid entity, UW–Madison has designated its units that perform covered functions and individuals or units that perform support functions on behalf of those designated units as its "health care component."

Definitions:

Covered entity

A health plan, health care clearinghouse, or health care provider that transmits any health information in electronic form in connection with a transaction covered by HIPAA.

Health care component (HCC)

A component or combination of components of a hybrid entity designated by the hybrid entity as covered by HIPAA.

Hybrid entity

A single legal entity that meets the definition of a covered entity under HIPAA, but whose business activities include both covered and non-covered functions, and that designates a health care component.

UW-Madison Health Care Component (UW HCC) 

Those units of UW–Madison that have been designated by the university as part of its health care component under HIPAA.

Scope:

Applies to all members of the UW HCC.

Policy:

1. Determination of Membership in the UW–Madison Health Care Component (UW HCC)

   The final determination for inclusion in or exclusion from the UW HCC is made by the HIPAA Privacy Officer with consultation from HIPAA Security Officer, subject to the approval of the Chancellor through the HIPAA policy approval process.

2. Units of the Designated UW–Madison Health Care Component, include:
   1. School of Medicine and Public Health (SMPH), as outlined below:
      1. Anesthesiology
      2. Biostatistics & Medical Informatics
      3. Carbone Cancer Center
      4. Center for Human Genomics and Precision Medicine
      5. Center for Tobacco Research and Intervention
      6. Clinical Research/Clinical Trials Institute
      7. Dermatology
      8. Emergency Medicine
      9. Family Medicine and Community Health
      10. Human Oncology
      11. Institute for Clinical and Translational Research
      12. Medical Physics
      13. Medicine
      14. Neurological Surgery
      15. Neurology
      16. Obstetrics and Gynecology
      17. Ophthalmology and Visual Sciences
      18. Orthopedics and Rehabilitation Medicine
      19. Otolaryngology-Head and Neck Surgery
      20. Pathology and Laboratory Medicine
      21. Pediatrics
      22. Psychiatry
      23. Radiology
      24. Surgery
      25. Urology
      26. Wisconsin Alzheimer’s Institute (WAI)
      27. The following “central” SMPH administrative personnel and offices to the extent they perform support functions on behalf of any of the other HCC units:
          1. HIPAA Privacy and Security coordinators
          2. Information technology staff
          3. Risk Management
          4. Senior administrators and their staff
          5. Human Resources
          6. Fiscal Affairs
   2. School of Pharmacy, as outlined below:
      1. Clinical units
      2. The following “central” School of Pharmacy administrative personnel and offices to the extent they perform support functions on behalf of any of the other HCC units:
         1. HIPAA Privacy and Security coordinators
         2. Information technology staff
         3. Senior administrators and their staff
         4. Human Resources
         5. Business Office
   3. School of Nursing
   4. Waisman Center clinics and programs, as outlined below:
      1. Brain Imaging Core
      2. Community Ties Clinic and Program
      3. Waisman Early Childhood Program
      4. Waisman employees and agents who work within any of the UW Health-owned clinics jointly operated by Waisman and UW Health in Waisman space
      5. The following “central” Waisman Center administrative personnel and offices to the extent they perform support functions on behalf of any of the other HCC units:
         1. HIPAA Privacy and Security coordinators
         2. Information technology staff
         3. Senior administrators and their staff
         4. Human Resources
         5. Fiscal Affairs
         6. Clinical Translational Core (CTC)
   5. University Health Services
   6. Wisconsin State Laboratory of Hygiene (excluding: the Environmental Testing unit, the Forensic Toxicology unit, the OSHA Testing unit, the OSHA Consultation Program, and the Labor Statistics Program)
   7. Division of Intercollegiate Athletics (Athletics Department), as outlined below:
      1. Credentialed health care providers
      2. Staff members interacting with protected health information
      3. The following “central” Division of Intercollegiate Athletics administrative personnel and offices to the extent they perform support functions on behalf of any of the other HCC units:
         1. HIPAA Privacy and Security coordinators
         2. Information technology staff
         3. Senior administrators and their staff
         4. Human Resources
         5. Business Office
   8. Environment, Health & Safety (EH&S), as outlined below:
      1. Environmental Health
      2. Ergonomics
      3. Occupational Medicine
      4. Occupational Health
      5. Office of Radiation Safety
      6. The following “central” EH&S administrative personnel and offices to the extent they perform support functions on behalf of any of the other HCC units:
         
         1. HIPAA Privacy and Security coordinators
         2. Information technology staff
         3. Senior administrators and their staff
         4. Human Resources
         5. Business Office
   9. School of Education, as outlined below:
      1. Kinesiology
      2. The following “central” School of Education administrative personnel and offices to the extent they perform support functions on behalf of any of the other HCC units:
         
         1. HIPAA Privacy and Security coordinators
         2. Information technology staff
         3. Senior administrators and their support staff
         4. Human Resources
         5. Business Office
   10. The following central campus administrative personnel and offices within the university, to the extent they perform support functions on behalf of any of the HCC units listed in this policy and must access protected health information in performing those support functions:
       1. Accounting Services
       2. Division of Information Technology
       3. McBurney Disability Resource Center
       4. Office of Compliance
       5. Office of Human Resources
       6. Office of Legal Affairs
       7. Office of Research Compliance
       8. UW-Madison Institutional Review Boards (IRBs)
       9. Other individuals or offices may become part of the HCC for limited projects. Such individuals must contact the HIPAA Privacy Officer if their work necessitates the need to access protected health information prior to such access.
   11. Individuals enrolled or appointed at UW-Madison outside units of the HCC designated above and listed on human subjects protocols become members of the HCC, for the duration of such research, when:
       
       1. Conducting research involving the use of individually identifiable health information; and
       2. At least one individual with an appointment in any unit of the HCC designated above is a collaborator.
   12. In unclear circumstances, final determination on inclusion in the HCC is made by the HIPAA Privacy Officer.

Related UW-Madison Policies:

UW-101 Designation of the University of Wisconsin Affiliated Covered Entity (ACE)

Related UW–Madison Documents, Web Pages, or Other Resources:

Compliance: HIPAA

Office of Compliance Policies and Forms

Policy Administration

Approval Authority:

Vice Chancellor for Legal Affairs

Policy Manager:

HIPAA Privacy Officer

Contact:

HIPAA Privacy Officer -- Jack Talaska, JACK.TALASKA@WISC.EDU, (608) 265-4077

Effective Date:

04-14-2003

Revised Dates:

09-22-2014: Effective date of the revised policy: 09-22-2014.
11-29-2017: Effective date of the revised policy: 11-29-2017.
03-26-2020: Effective date of the revised policy: 03-26-2020.
07-14-2020: Effective date of the revised policy: 07-14-2020.
03-30-2021: Effective date of the revised policy: 03-30-2021.
05-17-2021: Effective date of the revised policy: 05-17-2021.
06-14-2022
11-16-2022
05-30-2024
01-26-2025
10-19-2025

Retrieved:

02-10-2026 07:29:40