Category: HIPAA Security
Responsible Office: UBIT HIPAA Compliance
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Approved By (Name/Title): J. Brice Bible, VPCIO
CATEGORY: Administrative Safeguards
CITATION: 45 CFR 164.308(a)(2)
he University at Buffalo Information Technology (UBIT) operates as a covered entity as defined by the U.S. Department of Health and Human Services Office of Civil Rights. HIPAA Regulation Text 45 CFR Part 164.308 (a)(2) requires that a covered entity identify the security officer responsible for the development and implementation of the policies and procedures required by this standard.
UBIT ensures that HIPAA regulations are met through the oversight of a designated HIPAA Security and Privacy Officer who, in conjunction with the Compliance Officer, is responsible for protecting ePHI in any form and for the development and implementation of the policies and procedures required by this standard.
This policy applies to all UBIT workforce members.
Workforce members: Adheres to policies and procedures as written.
HIPAA Security and Privacy Officer: Responsible for overseeing the placement of the appropriate technical, organizational, and administrative safeguards to ensure the confidentiality, integrity, and availability of ePHI. Responsible for enforcing the program and reviewing the conduct of those responsible for protecting ePHI data for UBIT
Compliance Officer: Participates in enforcing the security of ePHI and sanctions imposed resulting from non-compliance, in conjunction with the HIPAA Security and Privacy Officer.
Date Approved: 12/6/2017