Disaster Recovery Plan Policy (UBIT HIPAA)

Category: HIPAA Security
Responsible Office: UBIT HIPAA Compliance
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Approved By (Name/Title): J. Brice Bible, VPCIO

On this page:


CATEGORY: Administrative Safeguards
TYPE: Required Implementation Specification for Contingency Plan Standard
45 CFR 164.308(a)(7)(ii)(B)

The University at Buffalo Information Technology (UBIT) operates as a covered entity as defined by the U.S. Department of Health and Human Services Office of Civil Rights. HIPAA Regulation Text 45 CFR Part 164.308 (a)(7)(i) requires a covered entity to establish and implement as needed policies and procedures for responding to an emergency or other occurrence (for example: fire, vandalism, system failure, natural disaster, etc.) that damages systems containing ePHI.


UBIT maintains a documented Disaster Recovery Plan to restore/recover ePHI that is lost, damaged, or corrupted in the event of a disaster or other emergency. The Disaster Recovery Plan ensures that each area can restore or recover any loss of information and the systems needed to make that information available in a timely manner.


This policy applies to all UBIT workforce members.


Workforce members: Adhere to all policies and procedures as written.

HIPAA Security and Privacy Officer: Esablishes and implements, as needed, procedures to restore any loss of data consistent with UBIT’s Disaster Recovery Plan.

Compliance Officer: Participates in ensuring security of ePHI is effective and enforced, in conjunction with the HIPAA Security and Privacy Officer.

Contact Information

HIPAA Security and Privacy Officer
Website: http://www.buffalo.edu/ubit.html

Vice President and Chief Information Officer
J. Brice Bible
517 Capen Hall
Buffalo, NY 14260
Phone: 716-645-7979
Email: vpcio@buffalo.edu
Website: http://www.buffalo.edu/ubit.html

Date Approved: 12/4/2017