HIPAA Home Page




  • Contact the University of Alabama’s Privacy Officer
    Jan Chaisson (jchaisson@cchs.ua.edu)
  • Contact the University of Alabama’s HIPAA Security Officer
    Ashley Ewing (aewing@ua.edu)
  • Medical Center Privacy Officer is Jan Chaisson
  • Medical Center Security Officer is Amy Sherwood
  • Brewer Porch Privacy/Security Officer is Warren Williams
  • Speech and Hearing Privacy/Security Officer is Becca Brooks
  • Autism Spectrum Disorders Clinic Privacy/Security Officer is Kelly McKinnon
  • UA Group Health Plan/FSA Privacy Officer is Emily Marbutt
  • UA Group Health Plan/FSA Security Officer is Greg Gaddis
  • WellBAMA Program Privacy/Security Officer is Heather Mundy
  • Working on Womanhood Program (WOW) Privacy/Security Officer is Jill Beck
  • Center for Advanced Public Safety (CAPS) Privacy Officer is Laura Culp
  • Center for Advanced Public Safety (CAPS) Security Officer is Terry Lee
  • Institutional Review Board Compliance Officer is Tanta Myles

What is HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) was passed by Congress in 1996 to:

  • insure the portability of insurance coverage as employees moved from
    job to job
  • increase accountability and decrease fraud and abuse in health care; and
  • improve the efficiency of the health care payment process, while at the same time protecting a patient’s privacy.

HIPAA applies to “Covered Entities,” defined by the Privacy Rule as

  • a health care provider that conducts certain transactions in electronic form,
  • a health care clearinghouse,
  • a health plan, or
  • a business associate (person or organization performing a function on behalf of the CE for which access to protected health information is needed.

Because the University of Alabama has at least one department that provides health care services and electronically transmits health information, it is considered a Covered Entity.


UA as a “hybrid entity”

Since the primary function of The University is not to provide health care, UA is permitted to designate itself as a “hybrid entity,” which allows it to apply the Privacy Rule only to those parts of UA that, if standing alone, would be a Covered Entity. As a hybrid entity, UA must designate its “health care components,” which includes departments that provide support for health care components.

Health Care Components at the University of Alabama are:

  • The Brewer Porch Children’s Center
  • The University Medical Center
  • The Speech & Hearing Clinic
  • Autism Spectrum Disorders Clinic
  • Departments that have signed Business Associated Agreements
  • Group Health Insurance/Flexible Spending Plan/Wellbama Program
  • UA Administrative Departments supporting the entities above (e.g. Legal Office, Auditing, Financial Affairs, Risk Management, OIT, UA Privacy/Security Officers, etc.)
  • Research involving PHI from a HIPAA-covered entity
  • DOES NOT APPLY TO: Psychology Clinic, Student Health Center/Pharmacy, ODS records, Counseling Center, WRC, Athletic Department health records


Print this Page (Adobe)