Download PDF
Effective Date: August 1, 2013 Revised: January 19, 2024
Policy

HIPAA Health Care Providers Policies Appendix A: Contacts

Responsible Office Research Compliance

This Appendix A is part of the HIPAA Policy Manual: Privacy and Security of Protected Health Information for BU Healthcare Provider Covered Components.

The BU HIPAA Privacy Officer is
Jessica Captain Novick
617-358-3124 jcaptain@bu.edu
The BU HIPAA Security Officer is
David Corbett
617-414-1475 corbettd@bu.edu
General questions on HIPAA hipaa@bu.edu
Report breaches to Incident Response Team 617-358-1100 ithelp@bu.edu

The HIPAA Contacts designated by the Covered Components are as follows:

GSDM Dental Health Centers Kathryn Mulligan kmulli@bu.edu
Danielsen Institute Lauren Kehoe lkehoe@bu.edu
Sargent Choice Nutrition Stacey Zawacki
Sara Yen
szawacki@bu.edu
syen@bu.edu
BU Rehabilitation Services James Camarinos (PT)
Terry Ellis (Neuro)
jcam@bu.edu
tellis@bu.edu

The HIPAA Contacts designated by the Business Associates are as follows:

Biostatistics & Epidemiology Data Analytics Center  Greg Toland gjtoland@bu.edu
General Clinical Research Unit Anh L. Tran  anhltran@bu.edu
Evans Center for Implementation and Improvement Sciences Santana Silver  ssilver3@bu.edu

The HIPAA Contacts designated by the Support Units are as follows:

Information Services and Technology Eric Jacobsen jacobsen@bu.edu
Office of the General Counsel Lilly Huang lohuang@bu.edu
Compliance Services Nedra Abbruzzese-Werling nedra@bu.edu
Equal Opportunity Office Erin Sullivan erinsull@bu.edu
Internal Audit Silifa Wallace silifa@bu.edu
Finance Matt Abrams abramsm@bu.edu
Human Resources Nimet Gundogan ngundoga@bu.edu
Office of Human Research Affairs Matt Ogrodnik maogrodn@bu.edu
Risk Management James Donohue jdonohue@bu.edu

Covered Component HIPAA Contact Duties

The Covered Component HIPAA Contact is responsible for implementing the BU HIPAA Policies in the Covered Component. This includes, but is not limited, to:

  • Serves as the primary resource for members of the Covered Component Workforce for information on HIPAA;
  • Works closely with the BU HIPAA Privacy Officer and Security Officer on matters involving HIPAA;
  • Develops procedures for the Covered Component to support implementation of the BU HIPAA policies in the Covered Component;
  • Determines and documents the Designated Record Set;
  • Determines and documents who is in the Covered Component HIPAA Workforce;
  • Develops procedures for granting, modifying and terminating access to PHI within the Covered Component, as well as procedures to audit implementation;
  • Ensures all members of the HIPAA Workforce complete training as required;
  • Receives reports of potential HIPAA breaches in the Covered Component and acts appropriately, notifying the BU HIPAA Privacy and/or Security Officer as appropriate;
  • Develops and implements procedures for release of information that are consistent with the BU HIPAA policies;
  • Receives complaints from patients regarding possible violation of their rights to the privacy and security of their PHI, and responds appropriately, notifying the BU HIPAA Privacy and/or Security Officer as appropriate;
  • Ensures patient’s HIPAA rights are respected, including the right to access; right to request amendment; right to request a restriction; right to an accounting; and right to notification of a breach;
  • Maintains a log of unauthorized disclosures of PHI;
  • Assists the BU HIPAA Privacy and/or Security Officer in investigating potential breaches in the Covered Component;
  • Creates and maintains inventories of systems, applications and devices;
  • Works with the BU HIPAA Security Officer on security risk assessments;
  • Ensures a comprehensive information security program is developed for the Covered Component, consistent with the requirements of Section 8 of the BU HIPAA Health Care Providers Manual; and
  • Ensures the appropriate staff, faculty, trainees and others in the Covered Component Workforce have appropriate input into the Covered Component’s HIPAA Procedures.

In all of these activities, the HIPAA Contact will be supported by the BU HIPAA Privacy and/or Security Officer, as well as by the Covered Component’s Information Security support staff.  The HIPAA Contact is responsible for the above, but is not expected to carry out each of these alone; rather, the HIPAA Contact may delegate duties as appropriate.