Category: HIPAA Security
Responsible Office: UBIT HIPAA Compliance
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Approved By (Name/Title): J. Brice Bible, VPCIO
CATEGORY: Administrative Safeguards
TYPE: Required Implementation Specification for Contingency Plan Standard
CITATION: 45 CFR 164.308(a)(7)(ii)(B)
The University at Buffalo Information Technology (UBIT) operates as a covered entity as defined by the U.S. Department of Health and Human Services Office of Civil Rights. HIPAA Regulation Text 45 CFR Part 164.308 (a)(7)(i) requires a covered entity to establish and implement as needed policies and procedures for responding to an emergency or other occurrence (for example: fire, vandalism, system failure, natural disaster, etc.) that damages systems containing ePHI.
UBIT maintains a documented Disaster Recovery Plan to restore/recover ePHI that is lost, damaged, or corrupted in the event of a disaster or other emergency. The Disaster Recovery Plan ensures that each area can restore or recover any loss of information and the systems needed to make that information available in a timely manner.
This policy applies to all UBIT workforce members.
Workforce members: Adhere to all policies and procedures as written.
HIPAA Security and Privacy Officer: Esablishes and implements, as needed, procedures to restore any loss of data consistent with UBIT’s Disaster Recovery Plan.
Compliance Officer: Participates in ensuring security of ePHI is effective and enforced, in conjunction with the HIPAA Security and Privacy Officer.
Date Approved: 12/4/2017