Category: HIPAA Security
Responsible Office: UBIT HIPAA Compliance
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Approved By (Name/Title): J. Brice Bible, VPCIO
CATEGORY: Policies and Procedures and Documentation
TYPE: Required Implementation Specification for Documentation Standard
CITATION: 45 CFR 164.316(b)(1)(ii)
The University at Buffalo Information Technology (UBIT) operates as a covered entity as defined by the U.S. Department of Health and Human Services Office of Civil Rights. HIPAA Regulation Text 45 CFR Part 164.316(b)(1) requires a covered entity to maintain the policies and procedures implemented to comply with this subpart in written (which may be electronic) form. If an action, activity or assessment is required by this subpart to be documented, maintain a written (which may be electronic) record of that action, activity, or assessment.
UBIT provides the necessary documentation to individuals who are responsible for implementing HIPAA-related policies, processes, and procedures.
This policy applies to all UBIT workforce members.
Workforce members: Adhere to policies and procedures as written.
HIPAA Security and Privacy Officer: Makes documentation available to those persons responsible for implementing the procedures to which the documentation pertains.
Compliance Officer: In conjunction with the HIPAA Security and Privacy Officer, the Compliance Officer makes documentation available to those persons responsible for implementing the procedures to which the documentation pertains.
Date Approved: 12/6/2017