Designation of the University of Wisconsin Affiliated Covered Entity (UW ACE)

Layout for printing

Policy Number:

UW-101

Old Policy Number:

1.2

Responsible Office:

Office of Compliance

University Policy

Rationale/​Purpose:

In enacting HIPAA, Congress mandated the establishment of federal standards for the privacy of individually identifiable health information. Under the patchwork of laws existing prior to adoption of HIPAA and the Privacy Rule, personal health information could be distributed—without either notice or authorization—for reasons that had nothing to do with a patient's medical treatment or health care reimbursement. For example, unless otherwise forbidden by state or local law, without the Privacy Rule patient information held by a health plan could, without the patient’s permission, be passed on to a lender who could then deny the patient's application for a home mortgage or a credit card, or to an employer who could use it in personnel decisions. The Privacy Rule establishes a federal floor of safeguards to protect the confidentiality of medical information. State laws that provide stronger privacy protections apply over and above the federal privacy standards.

Definitions:

Affiliated covered entity (ACE)

A legally separate covered entity that is affiliated (under common ownership or control) and designates itself as a single covered entity for purposes of complying with HIPAA.

Covered entity

A health plan, health care clearinghouse, or health care provider that transmits any health information in electronic form in connection with a transaction covered by HIPAA.

Health care component (HCC)

A component or combination of components of a hybrid entity designated by the hybrid entity as covered by HIPAA.

Hybrid entity

A single legal entity that meets the definition of a covered entity, but whose business activities include both covered and non-covered functions, and that designates a health care component(s).

UW–Madison health care component (UW HCC)

Those units of UW–Madison that have been designated by the university as part of its health care component under HIPAA.

Scope:

Applies to all members of the UW HCC.

Policy:

Policy Summary

The following entities or units thereof comprise the UW ACE:

1. The units of the UW HCC, except University Health Services, the State Laboratory of Hygiene, and the Athletics Department.
2. The University of Wisconsin Hospitals and Clinics Authority.
3. The University of Wisconsin Medical Foundation, Inc.
4. SwedishAmerican Hospital, including SwedishAmerican Medical Group, SwedishAmerican Home Health Care, and SwedishAmerican Medical Center Belvidere.
5. Chartwell-Midwest Wisconsin, LLC and Chartwell-Midwest Wisconsin Health Resources, LLC.

UW–Madison researchers with appointments to departments or programs that are not included in the UW HCC, and key personnel working with such researchers who conduct research involving the use of protected health information in collaboration with researchers with appointments in the UW HCC, are considered members of the UW HCC and, thus, UW ACE for purposes of such research.

Policy Detail

1. Documentation Requirements
   1. In accordance with HIPAA, the UW ACE is formally documented by the members of the UW ACE in an Affiliated Covered Entity Designation Agreement dated July 1, 2019.

Consequences for Noncompliance

Failing to comply with this policy may result in discipline for the individual(s) responsible for such noncompliance.

Further, the U.S. Department ofHealth and Human Services (HHS) Office for Civil Rights (OCR) is responsible for enforcing the HIPAA Privacy and Security Rules, and an individual’s noncompliance may result in institutional noncompliance and/or an investigation by OCR. OCR attempts to resolve investigations by obtaining voluntary compliance and entering into corrective action plans and resolution agreements. Failure to comply with HIPAA or cooperate with OCR in an investigation may result in civil and/or criminal penalties.

Supporting Tools

Additional information may be found at www.compliance.wisc.edu/hipaa.

Related UW-Madison Policies:

UW-100 Designation of the UW-Madison Health Care Component

Related UW–Madison Documents, Web Pages, or Other Resources:

Office of Compliance Policies and Forms

Policy Administration

Approval Authority:

Vice Chancellor for Legal Affairs

Policy Manager:

HIPAA Privacy Officer

Contact:

HIPAA Privacy Officer -- Jack Talaska, hipaa@wisc.edu, (608) 265-4077

Effective Date:

04-14-2003

Revised Dates:

05-26-2014: Effective date of the revised policy: 05-26-2014.
07-12-2018: Effective date of the revised policy: 07-12-2018.
11-22-2019: Effective date of the revised policy: 11-22-2019.
03-26-2020: Effective date of the revised policy: 03-26-2020.

Retrieved:

03-26-2023 23:05:23