Category: HIPAA Security
Responsible Office: UBIT HIPAA Compliance
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Approved By (Name/Title): J. Brice Bible, VPCIO
CATEGORY: Administrative Requirement
TYPE: Standard and Implementation Specification
CITATION: 45 CFR 164.530 (j)(1) Standard: Documentation and 45 CFR 164.530(j)(2) Implementation Specification: Retention Period
The University at Buffalo Information Technology (UBIT) operates as a covered entity as defined by the U.S. Department of Health and Human Services Office of Civil Rights. HIPAA Regulation Text 45 CFR Part 164.530(j)(1) and 164.530(j)(2) require a covered entity to document and retain its HIPAA policies, procedures, supporting documents identified in the policies and procedures, and documents sufficient to meet the burden of proof as described in § 164.414(b) for a period of six years.
UBIT maintains its HIPAA policies, procedures, and required communication in written or electronic form. UBIT maintains documentation for required actions, activities, or designations as identified in the HIPAA policies, procedures, and required communication in written or electronic form. UBIT maintains documentation sufficient to meet its burden of proof under § 164.414 Administrative Requirements and Burden of Proof. UBIT retains each document identified in this policy for a period of six years from the date of its creation or the date when it was last in effect, whichever is later.
This policy applies to all UBIT workforce members.
Workforce members: Adhere to policies and procedures as written.
HIPAA Security and Privacy Officer: Ensures that HIPAA documentation is retained as required.
Compliance Officer: Participates in ensuring the security of ePHI is effective and enforced, in conjunction with the HIPAA Security and Privacy Officer.
Date Approved: 12/6/2017