Maintenance Records Policy (UBIT HIPAA)

Category: HIPAA Security
Responsible Office: UBIT HIPAA Compliance
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Approved By (Name/Title): J. Brice Bible, VPCIO

CATEGORY: Physical Safeguards
TYPE: Addressable Implementation Specification for Facility Access Controls Standard
CITATION: 45 CFR 164.310(a)(2)(iv)

The University at Buffalo Information Technology (UBIT) operates as a covered entity as defined by the U.S. Department of Health and Human Services Office of Civil Rights. HIPAA Regulation Text 45 CFR Part 164.310(a) requires a covered entity to implement policies and procedures to limit physical access to its electronic information systems and the facility or facilities in which they are housed, while ensuring that properly authorized access is allowed.

UBIT implements policies and procedures to document repairs and modifications to the physical components of its facilities that are related to its security. UBIT conducts a periodic inventory/inspection of such components (for example, hardware, walls, doors, locks, etc.).

This policy applies to all UBIT workforce members.

Workforce members: Adhere to all policies and procedures as written.

Director of Facilities or designated workforce member: Implements policies and procedures to document repairs and modifications to the physical components of a facility which are related to security (for example, hardware, walls, doors, and locks).

Compliance Officer: In conjunction with the Director of Facilities or designated workforce member, the Compliance Officer may participate in ensuring security of ePHI is effective and enforced.

Date Approved: 12/6/2017