Privacy and Security Officer Brief:
HIPAA regulations state that you must formally designate a Privacy Officer and a Security Officer. These can be the same person.
Privacy Officer: A covered entity must designate a privacy official who is responsible for the development and implementation of the policies and procedures of the entity.
Security Officer: Identify the security official who is responsible for the development and implementation of the policies and procedures required by [the Security Rule] for the entity.
In short, this person will be the internal end point of responsibility for office HIPAA compliance. Whether the officer physically does the work of ensuring compliance, or simply manages and oversees the compliance does not matter.
In general, the officer will face the following tasks, among others:
- Manage office moral regarding HIPAA compliancy, including developing an internal culture of compliancy.
- Oversee internal office sanctions for failure to comply with HIPAA policies.
- Handle internal complaints for lack of compliancy
- Be contact person for questions regarding HIPAA compliancy.
- Be internal contact point in case of a security incident and PHI breaches.
- Be responsible for interacting with OCR auditors
- Oversee management of response to security incidents and PHI breaches.
- Be responsible for managing creation, implementation and oversight of organization’s HIPAA privacy and security related policies and procedures.
- Manage training and awareness programs for the workforce.
- Manage continuity of practice in the event of a disaster or a PHI breach.
- Address issues in compliancy, security, and handling of PHI as they become apparent.
- Manage relationships with third parties to improve internal security as needed.
- Regularly review and edit internal policies and procedures.