Category: HIPAA Security
Responsible Office: UBIT HIPAA Compliance
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Approved By (Name/Title): J. Brice Bible, VPCIO
CATEGORY: Physical Safeguards
TYPE: Required Implementation Specification for Device and Media Controls Standard
CITATION: 45 CFR 164.308(a)(1)(ii)(A)
The University at Buffalo Information Technology (UBIT) operates as a covered entity as defined by the U.S. Department of Health and Human Services Office of Civil Rights. HIPAA Regulation Text 45 CFR Part 164.310(d) requires a covered entity to implement policies and procedures governing the receipt and removal of hardware and electronic media that contains ePHI into and out of a facility, and the movement of these items within the facility.
UBIT creates a retrievable backup copy of ePHI when needed or as appropriate.
This policy applies to all UBIT workforce members.
Workforce members: Adhere to the policies and procedures as written.
HIPAA Security and Privacy Officer: Ensures that an exact and retrievable backup copy of ePHI exists before moving equipment.
Compliance Officer: Participates in ensuring the security ePHI is effective and enforced, in conjunction with the HIPAA Security and Privacy Officer.
Date Approved: 12/4/2017