Download PDF
Effective Date: August 1, 2013
Revised: January 19, 2024
Policy
HIPAA Health Care Providers Policies Appendix A: Contacts
Responsible Office Research Compliance
This Appendix A is part of the HIPAA Policy Manual: Privacy and Security of Protected Health Information for BU Healthcare Provider Covered Components.
| The BU HIPAA Privacy Officer is Jessica Captain Novick |
617-358-3124 | jcaptain@bu.edu |
| The BU HIPAA Security Officer is David Corbett |
617-414-1475 | corbettd@bu.edu |
| General questions on HIPAA | hipaa@bu.edu | |
| Report breaches to Incident Response Team | 617-358-1100 | ithelp@bu.edu |
The HIPAA Contacts designated by the Covered Components are as follows:
| GSDM Dental Health Centers | Kathryn Mulligan | kmulli@bu.edu |
| Margaret Errante | merrante@bu.edu | |
| Danielsen Institute | Lauren Kehoe | lkehoe@bu.edu |
| George Stavros | stavros1@bu.edu | |
| Sargent Choice Nutrition | Stacey Zawacki | szawacki@bu.edu |
| Rachel Reynolds | rgreyn@bu.edu | |
| BU Rehabilitation Services | James Camarinos (PT) | jcam@bu.edu |
| Terry Ellis (Neuro) | tellis@bu.edu | |
| Tim Nordahl | nordahlt@bu.edu |
The HIPAA Contacts designated by the Business Associates are as follows:
| Biostatistics & Epidemiology Data Analytics Center | Greg Toland | gjtoland@bu.edu |
| General Clinical Research Unit | Nino Zachariah | zachni@bu.edu |
| Christie Merisme | cmerisme@bu.edu | |
| Denise Ridiane | ridianed@bu.edu | |
| Evans Center for Implementation and Improvement Sciences | Kayla Jones | kjones4@bu.edu |
The HIPAA Contacts designated by the Support Units are as follows:
| Information Services and Technology | Eric Jacobsen | jacobsen@bu.edu |
| Office of the General Counsel | Kayla Tabela | ktabela@bu.edu |
| Compliance Services | Nedra Abbruzzese-Werling | nedra@bu.edu |
| Equal Opportunity Office | Erin Sullivan | erinsull@bu.edu |
| Internal Audit & Advisory Services | Marion Candrea | candream@bu.edu |
| Finance | Matt Abrams | abramsm@bu.edu |
| Human Resources | Nimet Gundogan | ngundoga@bu.edu |
| Office of Human Research Affairs | Matt Ogrodnik | maogrodn@bu.edu |
| Risk Management | James Donohue | jdonohue@bu.edu |
Covered Component HIPAA Contact Duties
The Covered Component HIPAA Contact is responsible for implementing the BU HIPAA Policies in the Covered Component. This includes, but is not limited, to:
- Serves as the primary resource for members of the Covered Component Workforce for information on HIPAA;
- Works closely with the BU HIPAA Privacy Officer and Security Officer on matters involving HIPAA;
- Develops procedures for the Covered Component to support implementation of the BU HIPAA policies in the Covered Component;
- Determines and documents the Designated Record Set;
- Determines and documents who is in the Covered Component HIPAA Workforce;
- Develops procedures for granting, modifying and terminating access to PHI within the Covered Component, as well as procedures to audit implementation;
- Ensures all members of the HIPAA Workforce complete training as required;
- Receives reports of potential HIPAA breaches in the Covered Component and acts appropriately, notifying the BU HIPAA Privacy and/or Security Officer as appropriate;
- Develops and implements procedures for release of information that are consistent with the BU HIPAA policies;
- Receives complaints from patients regarding possible violation of their rights to the privacy and security of their PHI, and responds appropriately, notifying the BU HIPAA Privacy and/or Security Officer as appropriate;
- Ensures patient’s HIPAA rights are respected, including the right to access; right to request amendment; right to request a restriction; right to an accounting; and right to notification of a breach;
- Maintains a log of unauthorized disclosures of PHI;
- Assists the BU HIPAA Privacy and/or Security Officer in investigating potential breaches in the Covered Component;
- Creates and maintains inventories of systems, applications and devices;
- Works with the BU HIPAA Security Officer on security risk assessments;
- Ensures a comprehensive information security program is developed for the Covered Component, consistent with the requirements of Section 8 of the BU HIPAA Health Care Providers Manual; and
- Ensures the appropriate staff, faculty, trainees and others in the Covered Component Workforce have appropriate input into the Covered Component’s HIPAA Procedures.
In all of these activities, the HIPAA Contact will be supported by the BU HIPAA Privacy and/or Security Officer, as well as by the Covered Component’s Information Security support staff. The HIPAA Contact is responsible for the above, but is not expected to carry out each of these alone; rather, the HIPAA Contact may delegate duties as appropriate.
Additional Resources Regarding This Policy
Related Policies, Procedures, and Guides
- HIPAA
- Data Security
BU Websites