University of Oregon HIPAA Compliance
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) permits an organization that engages in both HIPAA covered and non-covered functions to designate itself as a hybrid covered entity. As a hybrid covered entity, the organization is permitted to place units which engage in activities regulated under HIPAA into a health care component. The units inside the health care component must follow HIPAA regulations; however, the units which are outside the health care component are not bound by HIPAA regulations.
The University of Oregon has designated itself as a hybrid covered entity. The following units have been designated to be within the university's health care component:
- University Health Services, including Counseling Services
- Athletics Medicine
- Early Childhood CARES (ECC)
- HEDCO Clinic
- Student Health Insurance Program (SHIP)
Representatives from these areas, as well as the Office of the General Counsel, Information Services, Internal Audit, and Division of Safety and Risk Services make up the membership of the HIPAA Privacy Committee, which works to ensure the confidentiality of protected health information that is created, transmitted, or maintained by the university.
In addition, the following university departments are deemed within the covered entity when performing services on behalf of another covered component, and are subject to all applicable confidentiality protections:
- Business Affairs Office
- Information Services
- Division of Student Life
- Office of the General Counsel
- Office of Internal Audit
- Division of Safety and Risk Services
- Office of the Vice President for Research and Innovation, including Research Compliance Services
Individual Privacy Rights Under HIPAA
The University of Oregon is committed to upholding all legal and professional obligations to protect the confidentiality of health information.
Individuals receiving treatment or services in any of the university's covered components have certain rights and protections as outlined in the university's Notice of Privacy Practices.
Read UO Notice of Privacy Practice
Questions or Concerns
If you have questions regarding your privacy or wish to file a compliant, please contact the Deputy Privacy Officer for the unit in which you received care.
University Health Services and Student Health Insurance Program: Debra McLaughlin, dmclaugh@uoregon.edu, 541-346-4452
1590 E. 13th Ave, Eugene, OR 97403
Early Childhood CARES: Donna Boykin, dboykin@uoregon.edu, 541-346-3518
1500 W. 12th Ave, Eugene, OR 97402
HEDCO Clinic: Jody Ferguson, jodyferg@uoregon.edu, 541-346-0922
1655 Alder St. Suite 170. Eugene, OR 97403
UO Athletics: Maggie Doe, mfdoe@uoregon.edu, 541-346-2257
2727 Leo Harris Pkwy, Eugene, OR 97401
General privacy concerns may be directed to the University's HIPAA Privacy Office at 1260 University of Oregon, Eugene, OR 97403, hipaacompliance@uoregon.edu, 541-346-8011.
UO students and employees may also use our anonymous hotline to make a report at uoregon.ethicspoint.com.