Notice of Hybrid Entity Status Under HIPAA

TELUS Health has declared itself a “hybrid entity” under the Health Insurance Portability and Accountability Act of 1996, and the regulations promulgated thereunder (“HIPAA”). This determination was made after a thorough analysis of the many and varied programs and services in our organization.


HIPAA defines a hybrid entity as a single entity whose business activities include both covered and non-covered HIPAA functions. As a hybrid entity under HIPAA, TELUS Health’s business activities include both covered and non-covered functions. In compliance with 45 CFR §164.105(a)(2)(iii)(D), TELUS Health designates the following business functions as covered health care components:


1. Our EAP counselling services;

2. Our TELUS Health Wellbeing Platform and mobile application;

3. Our Internet-based Cognitive Behavioral Therapy (iCBT) services.


TELUS Health included in its covered health care offerings, those programs that would meet the definition of a covered entity, if each were a separate legal entity. This list could change in the future, and will be amended as necessary. Currently, only the above programs within the TELUS Health organization are required to comply with the Privacy and Security Rules under HIPAA. Nonetheless, it is important to point out that non-covered programs that receive personal information and personal health information in the course of business, may be subject to various other laws, regulations and policies.