Audit Controls Policy (UBIT HIPAA)

Category: HIPAA Security
Responsible Office: UBIT HIPAA Compliance
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Approved By (Name/Title): J. Brice Bible, VPCIO

On this page:

Summary

CATEGORY: Technical Safeguards
TYPE: Standard
CITATION:
45 CFR 164.312(b)

The University at Buffalo Information Technology (UBIT) operates as a covered entity as defined by the U.S. Department of Health and Human Services Office of Civil Rights. HIPAA Regulation Text 45 CFR Part 164.312(b) requires a covered entity to implement hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.

Policy

UBIT implements hardware, software, and/or procedural mechanisms that record and examine activity in information systems that contain or use ePHI.

Applicability

This policy applies to all UBIT workforce members.

Responsibility

Workforce members: Adhere to policies and procedures as written.

HIPAA Security and Privacy Officer: Ensures that UBIT records and examines activity in information systems that contain or use ePHI whenever possible.

Compliance Officer: Participate in ensuring that the securing of ePHI is effective and enforced, in conjunction with the HIPAA Security and Privacy Officer.

Contact Information

HIPAA Security and Privacy Officer
Website: http://www.buffalo.edu/ubit.html

Vice President and Chief Information Officer
J. Brice Bible
517 Capen Hall
Buffalo, NY 14260
Phone: 716-645-7979
Email: vpcio@buffalo.edu
Website: http://www.buffalo.edu/ubit.html

Date Approved: 12/4/2017