Content of Notification Policy (UBIT HIPAA)

Category: HIPAA Security
Responsible Office: UBIT HIPAA Compliance
Responsible Executive: Vice President and Chief Information Officer (VPCIO)
Approved By (Name/Title): J. Brice Bible, VPCIO

CATEGORY: Notification in the Case of Breach of Unsecured Protected Health Information
TYPE: Implementation Specification for Notification to Individuals
CITATION: 45 CFR 164.404 (c) Implementation Specification: Content of Notification

The University at Buffalo Information Technology (UBIT) operates as a covered entity as defined by the U.S. Department of Health and Human Services Office of Civil Rights. HIPAA Regulation Text 45 CFR Part 164.404 requires a covered entity, following the discovery of a breach of unsecured PHI, to notify the appropriate individuals.

UBIT provides notification written in plain language to individuals affected by a breach of unsecured ePHI.

This policy applies to all UBIT workforce members.

Workforce members: Adhere to policies and procedures as written.

HIPAA Security and Privacy Officer: Ensures that required notification to individuals includes the required elements and that the notification is written in plain language.

Compliance Officer: Participates in ensuring the security of ePHI is effective and enforced, in conjunction with the HIPAA Security and Privacy Officer.

Date Approved: 12/6/2017