Accessing Accounts of Deceased or Incapacitated Individuals Policy

The University at Buffalo (UB, university) is committed to the protection and confidentiality of electronic information. However, the university recognizes that it may be necessary to allow access to electronic data contained within a deceased or incapacitated individual’s UB account.

A request to access electronic data must originate from a legally authorized individual (e.g., executor, holder of power of attorney) supported by a legal document demonstrating authorization.

Electronic data will be released as permitted by law, including the Family Educational Rights and Privacy Act (FERPA), Freedom of Information Law (FOIL), the Personal Privacy Protection Law (PPPL), and Health Insurance Portability and Accountability Act (HIPAA). In the event of a dispute over the ownership and release of electronic data, the legally authorized individual may make an appeal to the Office of General Counsel.

In accordance with the Computing and Network Use Policy, permission is required to view another individual’s electronic data. This policy:

• Requires proper authorization to access the electronic files of a deceased or incapacitated employee or student
• Allows for the release of electronic data as permitted by federal and state laws, and university policy
• Allows for the release of information outside of subpoena, FOIL, or other legal requests

This policy applies to the electronic data associated with an individual’s UBITName.

Account

Electronic data associated with an individual’s UBITName.

• Submit a request to access a deceased or incapacitated individual’s UB account to the Information Security Officer (ISO).

• Receive and track requests for access to electronic data.
• Work with UB Information Technology (UBIT) to grant access after approval of General Counsel.

• Review legal documents (e.g., court orders, power of attorney letters) to ensure the request is legitimate.
• Approve access to electronic data of deceased or incapacitated individuals.
• Review appeals and make a determination on the release of electronic data.

• Authorize the release of electronic data to a legally authorized individual after initial approval from Office of General Counsel.

• Facilitate the collection of electronic data from individual’s account.
• Maintain documentation of electronic data released.
• Provide a summary report of electronic data released to the ISO. 

• Review records maintained by the deceased or incapacitated individual and determine if the records are of a personal nature.
• Recommend the release of electronic data, as appropriate.