Bozeman Deaconess Health Services
D/B/A BOZEMAN HEALTH
HIPAA Hybrid Entity and Affiliated Covered Entity Designations
I. Background
Bozeman Health Deaconess Hospital, Bozeman Health Big Sky Medical Center,
Bozeman Health Urgent Care, and Advanced Medical Imaging (collectively
“BDHS Covered Entities”) are covered entities under the Administrative
Simplification subtitle of the Health Insurance Portability and Accountability
Act of 1996, 42 U.S.C. §§ 1320d to 1320d-9, as amended, and
its implementing regulations, 45 C.F.R. Parts 160 to 164 (collectively,
“HIPAA”). Specifically, Bozeman Health Covered Entities are
health care providers that electronically transmit health information
in connection with HIPAA-covered transactions.
Bozeman Health Deaconess Hospital’s activities include both covered
and non-covered functions under HIPAA. Bozeman Health Deaconess Hospital
operates the Health Care Connections mobile outreach vehicle, which offers
health care screening services but does not, directly or indirectly, electronically
conduct HIPAA-covered transactions. Bozeman Health Deaconess Hospital
also includes the Bozeman Health Cosmetic Surgery & Synergy Medical
Spa, Bozeman Health Clinical Research Group, and Bozeman Health Hillcrest
Senior Living which provides services which may be treated as health care
services but does not electronically conduct HIPAA-covered transactions.
It is Bozeman Health Deaconess Hospital’s intent that any unit or
component that is not set forth below shall not be subject to HIPAA as
a covered entity or business associate.
Furthermore, Bozeman Health Covered Entities seek to designate as an affiliated
covered entity, as the term is defined at 45 C.F.R. § 164.105(b),
so that Bozeman Health Deaconess Hospital’s health care components,
Bozeman Health Big Sky Medical Center, Bozeman Health Urgent Care, and
Advanced Medical Imaging are treated as a single covered entity under
HIPAA. By designating as an affiliated covered entity, Bozeman Health
Covered Entities seek to simplify their compliance obligations under HIPAA,
such as by avoiding the need for business associate agreements between them.
Therefore, Bozeman Health Covered Entities set forth the following hybrid
entity and affiliated covered entity designations in accordance with HIPAA.
II. Designation of BOZEMAN Health DEACONESS HOSPITAL’S Health Care
Components
Pursuant to 45 C.F.R. § 164.05(a) (2) (ii)(D), Bozeman Health Deaconess
Hospital designates the following as health care components subject to HIPAA:
- Any and all departments that provide health care services and electronically
conduct HIPAA-covered transactions.
- Any and all departments that create, receive, maintain, or transmit protected
health information in support of one or more of the above departments.
For avoidance of doubt, the above-designated health care component does
not include:
- The Healthcare Connections mobile outreach vehicle (which does not electronically
conduct HIPAA-covered transactions)
- The Bozeman Health Cosmetic Surgery & Synergy Medical Spa (which does
not electronically conduct HIPAA-covered transactions)
- The Bozeman Health Clinical Research Group (which does not electronically
conduct HIPAA-covered transactions)
- The Bozeman Health Hillcrest Senior Living (which does not electronically
conduct HIPAA-covered transactions)
III. Affiliated Covered Entity designation
The above health care components of Bozeman Health Deaconess Hospital,
Bozeman Health Big Sky Medical Center, Bozeman Health Urgent Care, and
Advanced Medical Imaging hereby designate as an affiliated covered entity
pursuant to 45 C.F.R. § 164.105(b). Bozeman Health Covered Entities
are under common control, as the term is defined at 45 C.F.R. § 164.103,
because Bozeman Health has the power, directly or indirectly, to significantly
influence or direct the actions or policies of all Bozeman Health Covered Entities.
IV. Retention of this Designation
Bozeman Health Covered Entities shall retain a copy of this designation
for no less than six years from the date the designation was last in effect.
Ownership: Jennifer McManis, Compliance & Privacy Officer
Effective date: January 1, 2016
Last date of review: December 21, 2015
Last date of revision: January 1, 2016
Next date of review: September 24, 2016