What is a Hybrid Entity?

A Hybrid Entity is defined as a single legal entity that conducts both covered and non-covered functions under HIPAA. This means that while part of the organization is involved in activities that are subject to HIPAA regulations—such as healthcare providers and health plans—other parts may engage in activities that do not fall under HIPAA’s scope. An example of this could be a university that offers healthcare services (covered functions) while also providing educational services (non-covered functions).

Organizations must identify their hybrid status to manage compliance accurately and ensure that only the portions of the entity that handle protected health information (PHI) comply with HIPAA’s rules, thus allowing for an efficient compliance strategy without applying unnecessary regulations to the non-covered areas.