HIPAA
 Home Contacts Site Map
UB declarations
Up UB HIPAA overview UB declarations Researchers Faculty-Students Business Associates HIPAA Training

This page contains links to official policy and declaration statements regarding HIPAA for the University at Buffalo

You will need to use the Adobe® Reader® to view these files.  The reader can be obtained from http://www.adobe.com/

Covered & Non-covered Functions

bulletUB: Covered Function and Business Associate determination criteria (revised June 18, 2013; .pdf)
bulletUB: Covered Function declaration (revised August 14, 2003; .pdf)
bulletUB: Research as a non-covered function declaration (revised August 14, 2003; .pdf)
bulletDeclaration notes and references

Position  statements

bulletUB General Services and HIPAA covered function/Business Associate activities: The University at Buffalo is a hybrid entity under HIPAA. General Services deployed by the University such as telephony, data network, data storage, email, etc., including the activities of University employees associated with the provision of those Services, are not implemented, operated or managed in a manner that is intended to be HIPAA compliant. HIPAA compliant Services at the University are limited to those provided within University HIPAA covered functions or to those governed by an appropriately executed HIPAA Business Associate Contract. University HIPAA covered functions, or other non-SUNY entities using University Services, must take this fact into consideration when utilizing any University Services or personnel in a manner which may directly or indirectly support their own operations.  It is the University's position that, unless explicitly acknowledged in a separate HIPAA Business Associate Contract (for non-SUNY entities), or in a formal extension of the University’s HIPAA covered function declaration or covered function workforce, the consumers of University Services are responsible for ensuring that such services will not be used in any way that could be construed as making the University a HIPAA Business Associate or as extending the University’s HIPAA covered function activities.  SUNY functions at UB intending to engage in Business Associate activities must identify themselves to the UB Director of HIPAA Compliance for review and approval prior to engaging in such activities.
bulletSUNY/UB Position statement: Entering into a Business Associate Agreement to cover student training experiences. (revised March 24, 2004; .pdf)

Guidance

bulletUB-Research:  Alteration or Waiver of Authorization; guidance for the UB IRB, UB covered functions, and external covered entities providing PHI to UB researchers through this mechanism. (revised July 9, 2004; pdf)
bulletUB-Research: Business Associate Contracts and Research; guidance for any UB researcher considering entering into a business associate contract (aka business associate agreement) with a HIPAA covered entity in order to conduct research (revised September 19, 2004; pdf)
bulletUB-Research: Limited Data Set / Data Use Agreements and Research; guidance for any UB researcher considering entering into a data use agreement (required in order to receive a limited data set) with a HIPAA covered entity in order to conduct research (revised September 19, 2004; pdf)

This material is designed for internal University at Buffalo use only and is copyrighted.  Information and documents available on this site may be freely copied and used with appropriate attribution to the University at Buffalo.  None of the information on these pages should be construed as legal advice or expert opinion with respect to how any particular function or entity engages in work to come into compliance with HIPAA.
Last updated: July 28, 2009.  Privacy Policy
Hit Counter