Bozeman Deaconess Health Services

D/B/A BOZEMAN HEALTH

HIPAA Hybrid Entity and Affiliated Covered Entity Designations

I. Background

Bozeman Health Deaconess Hospital, Bozeman Health Big Sky Medical Center, Bozeman Health Urgent Care, and Advanced Medical Imaging (collectively “BDHS Covered Entities”) are covered entities under the Administrative Simplification subtitle of the Health Insurance Portability and Accountability Act of 1996, 42 U.S.C. §§ 1320d to 1320d-9, as amended, and its implementing regulations, 45 C.F.R. Parts 160 to 164 (collectively, “HIPAA”). Specifically, Bozeman Health Covered Entities are health care providers that electronically transmit health information in connection with HIPAA-covered transactions.

Bozeman Health Deaconess Hospital’s activities include both covered and non-covered functions under HIPAA. Bozeman Health Deaconess Hospital operates the Health Care Connections mobile outreach vehicle, which offers health care screening services but does not, directly or indirectly, electronically conduct HIPAA-covered transactions. Bozeman Health Deaconess Hospital also includes the Bozeman Health Cosmetic Surgery & Synergy Medical Spa, Bozeman Health Clinical Research Group, and Bozeman Health Hillcrest Senior Living which provides services which may be treated as health care services but does not electronically conduct HIPAA-covered transactions. It is Bozeman Health Deaconess Hospital’s intent that any unit or component that is not set forth below shall not be subject to HIPAA as a covered entity or business associate.

Furthermore, Bozeman Health Covered Entities seek to designate as an affiliated covered entity, as the term is defined at 45 C.F.R. § 164.105(b), so that Bozeman Health Deaconess Hospital’s health care components, Bozeman Health Big Sky Medical Center, Bozeman Health Urgent Care, and Advanced Medical Imaging are treated as a single covered entity under HIPAA. By designating as an affiliated covered entity, Bozeman Health Covered Entities seek to simplify their compliance obligations under HIPAA, such as by avoiding the need for business associate agreements between them.

Therefore, Bozeman Health Covered Entities set forth the following hybrid entity and affiliated covered entity designations in accordance with HIPAA.

II. Designation of BOZEMAN Health DEACONESS HOSPITAL’S Health Care Components

Pursuant to 45 C.F.R. § 164.05(a) (2) (ii)(D), Bozeman Health Deaconess Hospital designates the following as health care components subject to HIPAA:

• Any and all departments that provide health care services and electronically conduct HIPAA-covered transactions.
• Any and all departments that create, receive, maintain, or transmit protected health information in support of one or more of the above departments.

For avoidance of doubt, the above-designated health care component does not include:

• The Healthcare Connections mobile outreach vehicle (which does not electronically conduct HIPAA-covered transactions)
• The Bozeman Health Cosmetic Surgery & Synergy Medical Spa (which does not electronically conduct HIPAA-covered transactions)
• The Bozeman Health Clinical Research Group (which does not electronically conduct HIPAA-covered transactions)
• The Bozeman Health Hillcrest Senior Living (which does not electronically conduct HIPAA-covered transactions)

III. Affiliated Covered Entity designation

The above health care components of Bozeman Health Deaconess Hospital, Bozeman Health Big Sky Medical Center, Bozeman Health Urgent Care, and Advanced Medical Imaging hereby designate as an affiliated covered entity pursuant to 45 C.F.R. § 164.105(b). Bozeman Health Covered Entities are under common control, as the term is defined at 45 C.F.R. § 164.103, because Bozeman Health has the power, directly or indirectly, to significantly influence or direct the actions or policies of all Bozeman Health Covered Entities.

IV. Retention of this Designation

Bozeman Health Covered Entities shall retain a copy of this designation for no less than six years from the date the designation was last in effect.

Ownership: Jennifer McManis, Compliance & Privacy Officer
Effective date: January 1, 2016
Last date of review: December 21, 2015
Last date of revision: January 1, 2016
Next date of review: September 24, 2016