Hybrid Entity Policy

Hybrid Entity Policy

Purpose

To identify hybrid entity components of services offered by Lutheran Social Service of Minnesota and its affiliates (LSS) to guide HIPAA compliance.

Policy

Lutheran Social Service of Minnesota (LSS) is the largest provider of social services in the state of Minnesota. In providing these social services, LSS conducts some business activities considered health plan (for team members) or healthcare provider (for service recipients) components by the Health Information Portability and Accountability Act of 1996 (HIPAA). Under HIPAA, a "Hybrid Entity" is a single legal entity whose business activities include both health care and non-health care components. Therefore, LSS is considered a Hybrid Entity under HIPAA.

Healthcare Provider for Service Recipients

Pursuant to HIPAA (45 CFR 164.504(c)(3)(iii)), LSS identifies its healthcare provider components as the following Lines of Service:

  • Behavioral Health Services
  • Care Coordination
  • Early Learning Centers – Frogtown Rondo and East Side
  • Host Homes
  • Healthy Transitions Services
  • NuVantage
  • Partners in Community Supports
  • Residential and Customized Support Services (including Community Residential Services, Intensive Community Residential Services and Customized Community Supports)

Within such healthcare provider components, the following persons (or positions) are responsible in handling covered functions:

  1. Senior Directors of the above-listed Service Areas
  2. All Staff Reporting to these Senior Directors

References in LSS’s policies and procedures for the Healthcare Provider to "covered entity" shall mean the Healthcare Provider.

Any reference in the HIPAA Regulations to "Protected Health Information" refers to Protected Health Information that is created or received by or on behalf of the Healthcare Providers.

Team members, volunteers or other individuals serving the Healthcare Provider as part of handling covered functions must comply with HIPAA and must treat other team members of LSS outside of the Healthcare Provider component and not involved in handling covered functions as not part of the Healthcare Provider. That is, they must be treated as any other third party for purposes of the HIPAA privacy and security rules and restrictions on disclosure and use of protected health information.

Health Plans for Team Members

Pursuant to HIPAA (45 CFR 164.504(c)(3)(iii)), LSS identifies its health plan components as follows:

  • Human Resources Medical (Blue Cross Blue Shield), Dental (Delta), and Vision (VSP) Plans
  • Human Resources Workers Compensation Plan
  • Human Resources Employee Assistance Plans

Within such health plan components, the following persons (or positions) are responsible in handling covered functions:

  1. Vice President of Human Resources
  2. Staff Reporting to the Vice President of Human Resources

Please note: LSS is required by law to include the Human Resources Department in this policy. No LSS team member has access to team member medical information.

References in LSS’s policies and procedures for the Plan to "covered entity" shall mean the Plan.

Any reference in the HIPAA Regulations to "Protected Health Information" refers to Protected Health Information that is created or received by or on behalf of each Plan.

Individuals serving the Plan as part of handling covered functions must comply with HIPAA and must treat other team members of LSS outside of the health plan component and not involved in handling covered functions as not part of the Plan. That is, they must be treated as any other third party for purposes of the HIPAA privacy and security rules and restrictions on disclosure and use of protected health information.