Bozeman Deaconess Health Services
D/B/A BOZEMAN HEALTH
HIPAA Hybrid Entity and Affiliated Covered Entity Designations
I. BACKGROUND
Bozeman Health Deaconess Hospital, Bozeman Health Big Sky Medical Center,
Bozeman Health Urgent Care, Bozeman Health Convenience Care, and Advanced
Medical Imaging (collectively “Bozeman Health Covered Entities”)
are covered entities under the Administrative Simplification subtitle
of the Health Insurance Portability and Accountability Act of 1996, 42
U.S.C. §§ 1320d to 1320d-9, as amended, and its implementing
regulations, 45 C.F.R. Parts 160 to 164 (collectively, “HIPAA”).
Specifically, Bozeman Health Covered Entities are health care providers
that electronically transmit health information in connection with HIPAA-covered
transactions.
Bozeman Health Deaconess Hospital’s activities include both covered
and non-covered functions under HIPAA. Bozeman Health Deaconess Hospital
operates the HealthCare Connections mobile outreach vehicle, which offers
health care screening services but does not, directly or indirectly, electronically
conduct HIPAA-covered transactions. Bozeman Health Deaconess Hospital
also includes the Cosmetic Surgery & Medical Spa, Clinical Research
Group, and Hillcrest Senior Living which provides services which may be
treated as health care services but does not electronically conduct HIPAA-covered
transactions. It is Bozeman Health Deaconess Hospital’s intent that
any unit or component that is not set forth below shall not be subject
to HIPAA as a covered entity or business associate.
Furthermore, Bozeman Health Covered Entities seek to designate as an affiliated
covered entity, as the term is defined at 45 C.F.R. § 164.105(b),
so that Bozeman Health Deaconess Hospital’s health care components,
Bozeman Health Big Sky Medical Center, Bozeman Health Urgent Care, Bozeman
Health Convenience Care, and Advanced Medical Imaging are treated as a
single covered entity under HIPAA. By designating as an affiliated covered
entity, Bozeman Health Covered Entities seek to simplify their compliance
obligations under HIPAA, such as by avoiding the need for business associate
agreements between them.
Therefore, Bozeman Health Covered Entities set forth the following hybrid
entity and affiliatedcovered entity designations in accordance with HIPAA.
II. DESIGNATION OF BOZEMAN HEALTH DEACONESS HOSPITAL’S HEALTH CARE
COMPONENTS
Pursuant to 45 C.F.R. § 164.05(a) (2) (ii)(D), Bozeman Health Deaconess
Hospital designates the following as health care components subject to HIPAA:
- Any and all departments that provide health care services and electronically
conduct HIPAA-covered transactions.
- Any and all departments that create, receive, maintain, or transmit protected
health information in support of one or more of the above departments.
For avoidance of doubt, the above-designated health care component does
not include:
- HealthCare Connections mobile outreach vehicle (which does not electronically
conduct HIPAA-covered transactions)
- Cosmetic Surgery & Medical Spa (which does not electronically conduct
HIPAA-covered transactions)
- Clinical Research Group (which does not electronically conduct HIPAA-covered
transactions)
- Hillcrest Senior Living (which does not electronically conduct HIPAA-covered
transactions)
III. AFFILIATED COVERED ENTITY DESIGNATION
The above health care components of Bozeman Health Deaconess Hospital,
Bozeman Health Big Sky Medical Center, Bozeman Health Urgent Care, Bozeman
Health Convenience Care, and Advanced Medical Imaging hereby designate
as an affiliated covered entity pursuant to 45 C.F.R. § 164.105(b).
Bozeman Health Covered Entities are under common control, as the term
is defined at 45 C.F.R. § 164.103, because Bozeman Health has the
power, directly or indirectly, to significantly influence or direct the
actions or policies of all Bozeman Health Covered Entities.
IV. RETENTION OF THIS DESIGNATION
Bozeman Health Covered Entities shall retain a copy of this designation
for no less than six years from the date the designation was last in effect.
Ownership: Jennifer McManis, Compliance & Privacy Officer
Effective date: January 1, 2016; September 18, 2017; November 30, 2018
Last date of review: September 18, 2017
Last date of revision: January 1, 2016, November 30, 2018
Next date of review: November, 2019