Category: HIPAA Security
Responsible Office: UBIT HIPAA Compliance
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Approved By (Name/Title): J. Brice Bible, VPCIO
CATEGORY: Policies and Procedures and Documentation
TYPE: Required Implementation Specification for Documentation Standard
CITATION: 45 CFR 164.316(b)(1)(iii)
The University at Buffalo Information Technology (UBIT) operates as a covered entity as defined by the U.S. Department of Health and Human Services Office of Civil Rights. HIPAA Regulation Text 45 CFR Part 164.316(b)(1) requires a covered entity to maintain the policies and procedures implemented to comply with this subpart in written (which may be electronic) form. If an action, activity or assessment is required by this subpart to be documented, maintain a written (which may be electronic) record of that action, activity, or assessment.
UBIT reviews and updates HIPAA policies periodically and/or in response to environmental or operational changes affecting the security of ePHI.
This policy applies to all UBIT workforce members.
Workforce members: Adhere to all policies and procedures as written.
HIPAA Security and Privacy Officer: Reviews and updates documentation periodically and/or in response to environmental or operational changes affecting the security of the ePHI.
Compliance Officer: In conjunction with the HIPAA Security and Privacy Officer, the Compliance Officer reviews and updates documentation periodically and/or in response to environmental or operational changes affecting the security of the ePHI.
Date Approved: 12/6/2017