Category: HIPAA Security
Responsible Office: UBIT HIPAA Compliance
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Approved By (Name/Title): J. Brice Bible, VPCIO
CATEGORY: Administrative Safeguards
TYPE: Addressable Implementation Specification for Workforce Security Standard
CITATION: 45 CFR 164.308(a)(3)(i)
The University at Buffalo Information Technology (UBIT) operates as a covered entity as defined by the U.S. Department of Health and Human Services Office of Civil Rights. HIPAA Regulation Text 45 CFR Part 164.308(a)(3)(i) requires a covered entity to implement policies and procedures to ensure that all members of its workforce have appropriate access to ePHI.
UBIT determines that a workforce member’s access to ePHI is appropriate. UBIT implements procedures to ensure that a workforce member’s access to ePHI is appropriate.
This policy applies to all UBIT workforce members.
Workforce members: Adheres to policies and procedures as written.
HIPAA Security and Privacy Officer: Determines workforce member’s access to ePHI is appropriate.
Compliance Officer: Participates in ensuring the security of ePHI is enforced and is effective. Performs this duty in conjunction with the HIPAA Security and Privacy Officer.
Date Approved: 12/4/2017