Download PDF
Effective Date: August 1, 2013
Revised: November 1, 2018
Policy
HIPAA Policies for Healthcare Providers at Covered Components: Policy 10, Exceptions
Responsible Office Research Compliance
This Policy 10 is part of the HIPAA Policy Manual: Privacy and Security of Protected Health Information for BU Healthcare Provider Covered Components.
10. Exceptions
The HIPAA Privacy Officer and HIPAA Security Officer will jointly review any requested exceptions to the requirements set forth in this Policy. Exceptions will be granted if a thorough review of the situation demonstrates appropriate compensating controls have been implemented, and the risk posed by the exception is reasonable and acceptable.
If the requested exception also involves a deviation from standards and policies of the BU IS&T department, the Covered Component must contact IS&T for a separate waiver or exception of those policies.
Additional Resources Regarding This Policy
Related Policies, Procedures, and Guides
- HIPAA
- Data Security
BU Websites