Hybrid Entity Policy
Purpose: To identify Hybrid Entity Components for Lutheran Social Service.
Policy: LSS is considered a Hybrid Entity under HIPAA.
Lutheran Social Service of Minnesota (“LSS”) is the largest provider of social services in the state of Minnesota. In providing these social services, LSS conducts some business activities considered health plan or healthcare provider components by the Health Information Portability and Accountability Act of 1996 (HIPAA). Under HIPAA, a “Hybrid entity” is a single legal entity whose business activities include both health care and non-health care components. Therefore, LSS is considered a Hybrid Entity under HIPAA.
Health Plan: Pursuant to HIPAA (45 CFR 164.504(c)(3)(iii)), LSS identifies its health plan components as follows:
- LSS Human Resources Medical (Blue Cross Blue Shield), Dental (Delta), and Vision (Spectera) Plans
- LSS Human Resources Workers Compensation Plan
- LSS Human Resources Employee Assistance Plans
Within such health plan components, the following persons (or positions) are involved in handling covered functions:
- Chief Human Resources Officer
- Staff Reporting to the Chief Human Resources Officer
Please note: LSS is required by law to include the Human Resources Department in this policy. No LSS employee has access to employee medical information.
References in LSS’s policies and procedures for the Plan to “covered entity” shall mean the Plan.
Any reference in the HIPAA Regulations to “Protected Health Information” refers to Protected Health Information that is created or received by or on behalf of each Plan.
Individuals serving the Plan as part of handling covered functions must comply with HIPAA and must treat other employees of LSS outside of the health plan component and not involved in handling covered functions as not part of the Plan. That is, they must be treated as any other third party for purposes of the HIPAA privacy and security rules and restrictions on disclosure and use of protected health information.
Healthcare Provider: Pursuant to HIPAA (45 CFR 164.504(c)(3)(iii)), LSS identifies its healthcare provider components as follows:
- LSS Disability Services (Personal Support Services, Partners in Community Supports, and LSS Care Coordination)
- LSS Behavioral Health Services
- LSS NuVantage
Within such healthcare provider components, the following persons (or positions) are involved in handling covered functions:
- Senior Directors of the above-listed Service Areas
- All Staff Reporting to these Senior Directors
References in LSS’s policies and procedures for the Healthcare Provider to “covered entity” shall mean the Healthcare Provider.
Any reference in the HIPAA Regulations to “Protected Health Information” refers to Protected Health Information that is created or received by or on behalf of the Healthcare Providers.
Individuals serving the Healthcare Provider as part of handling covered functions must comply with HIPAA and must treat other employees of LSS outside of the Healthcare Provider component and not involved in handling covered functions as not part of the Healthcare Provider. That is, they must be treated as any other third party for purposes of the HIPAA privacy and security rules and restrictions on disclosure and use of protected health information.