Download PDF
Effective Date: August 1, 2013 Revised: January 19, 2024

HIPAA Health Care Providers Policies Appendix A: Contacts

Responsible Office Research Compliance

This Appendix A is part of the HIPAA Policy Manual: Privacy and Security of Protected Health Information for BU Healthcare Provider Covered Components.

The BU HIPAA Privacy Officer is
Jessica Captain Novick
The BU HIPAA Security Officer is
David Corbett
General questions on HIPAA
Report breaches to Incident Response Team 617-358-1100

The HIPAA Contacts designated by the Covered Components are as follows:

GSDM Dental Health Centers Kathryn Mulligan
Danielsen Institute Lauren Kehoe
Sargent Choice Nutrition Stacey Zawacki
Sara Yen
BU Rehabilitation Services James Camarinos (PT)
Terry Ellis (Neuro)

The HIPAA Contacts designated by the Business Associates are as follows:

Biostatistics & Epidemiology Data Analytics Center  Greg Toland
General Clinical Research Unit Anh L. Tran
Evans Center for Implementation and Improvement Sciences Santana Silver

The HIPAA Contacts designated by the Support Units are as follows:

Information Services and Technology Eric Jacobsen
Office of the General Counsel Lilly Huang
Compliance Services Nedra Abbruzzese-Werling
Equal Opportunity Office Erin Sullivan
Internal Audit Silifa Wallace
Finance Matt Abrams
Human Resources Nimet Gundogan
Office of Human Research Affairs Matt Ogrodnik
Risk Management James Donohue

Covered Component HIPAA Contact Duties

The Covered Component HIPAA Contact is responsible for implementing the BU HIPAA Policies in the Covered Component. This includes, but is not limited, to:

  • Serves as the primary resource for members of the Covered Component Workforce for information on HIPAA;
  • Works closely with the BU HIPAA Privacy Officer and Security Officer on matters involving HIPAA;
  • Develops procedures for the Covered Component to support implementation of the BU HIPAA policies in the Covered Component;
  • Determines and documents the Designated Record Set;
  • Determines and documents who is in the Covered Component HIPAA Workforce;
  • Develops procedures for granting, modifying and terminating access to PHI within the Covered Component, as well as procedures to audit implementation;
  • Ensures all members of the HIPAA Workforce complete training as required;
  • Receives reports of potential HIPAA breaches in the Covered Component and acts appropriately, notifying the BU HIPAA Privacy and/or Security Officer as appropriate;
  • Develops and implements procedures for release of information that are consistent with the BU HIPAA policies;
  • Receives complaints from patients regarding possible violation of their rights to the privacy and security of their PHI, and responds appropriately, notifying the BU HIPAA Privacy and/or Security Officer as appropriate;
  • Ensures patient’s HIPAA rights are respected, including the right to access; right to request amendment; right to request a restriction; right to an accounting; and right to notification of a breach;
  • Maintains a log of unauthorized disclosures of PHI;
  • Assists the BU HIPAA Privacy and/or Security Officer in investigating potential breaches in the Covered Component;
  • Creates and maintains inventories of systems, applications and devices;
  • Works with the BU HIPAA Security Officer on security risk assessments;
  • Ensures a comprehensive information security program is developed for the Covered Component, consistent with the requirements of Section 8 of the BU HIPAA Health Care Providers Manual; and
  • Ensures the appropriate staff, faculty, trainees and others in the Covered Component Workforce have appropriate input into the Covered Component’s HIPAA Procedures.

In all of these activities, the HIPAA Contact will be supported by the BU HIPAA Privacy and/or Security Officer, as well as by the Covered Component’s Information Security support staff.  The HIPAA Contact is responsible for the above, but is not expected to carry out each of these alone; rather, the HIPAA Contact may delegate duties as appropriate.