The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) requires public and private entities that provide certain health care services to comply with regulations related to the collection, use, disclosure and security of individually identifiable health information. As a covered entity under HIPAA, the City of Sugar Land (“City”) strives to protect the confidentiality, integrity and availability of protected health information (“PHI”) by taking reasonable and appropriate steps to protect the security and privacy of PHI and comply with all applicable laws and regulations relating to data privacy and security.
In 2016, Sugar Land Fire – EMS Department (“Department”) contracted with Page, Wolfberg & Worth ("PWW"), a consultant firm that specializes in EMS, to assess several operational areas including HIPAA compliance. Since the City is a single entity with business activities that include both covered and non-covered functions, as defined under HIPAA, one of PWW's recommendations was to make the City a "hybrid entity". As a hybrid entity, the HIPAA requirements would only apply to the health care component of the City.
After an assessment of the City’s departments, divisions, and programs for applicability of HIPAA, only certain portions of the City are components of the City that create, transmit, use or maintain health information and therefore should be designated as health care components. Resolution No.18-08 would designate the following Departments as health care components of the City: Fire-EMS, Human Resources, Information Technology, Finance, City Secretary’s Office, City Manager’s Office, and the City Attorney’s Office to the extent that they provide services to entities, programs and departments that are required to comply with HIPAA. All other City departments and offices are designated as non-health care components of the City. The designation would make the City more effectively and efficiently ensure HIPAA compliance.