Under the HIPAA Privacy Rule, there must be one individual who is identified as the Privacy Officer. What does that mean? Is it a paid job? What are the requirements? Are they the ones who will be accountable in the case of a violation or if a data breach should occur?
Every covered entity and business associate must designate an individual within their organization who is the point person for all HIPAA questions and the administrator for all HIPAA compliance activity. The role can be assigned to an existing employee or designed as an entirely new full-time position. Whichever route you choose will depend on the size of your business and how much time their existing role already requires of them in addition to these responsibilities. The amount of protected health information (PHI) that your organization utilizes will play a part in this as well.
The job title will vary. Sometimes identified as the HIPAA Compliance Officer or Privacy Officer, this position can be confused with the job of HIPAA Security Officer. While an organization may often appoint the same individual as both Security Officer and Privacy Officer, it is important to note that these are separate responsibilities. Focusing today on the HIPAA Privacy Officer: this person must develop and implement the policies and procedures that are required to be HIPAA compliant. The qualifications that the Privacy Officer should have in their skill set include strong leadership skills, an understanding of IT, strong detail management, and, of course, an understanding of HIPAA and how it factors into the business.
The Privacy Officer should know first and foremost what is or isn’t PHI. That includes, of course, electronic PHI, or ePHI. With the ongoing and increasing threat of cybersecurity risks, knowing the best practices for protecting the company’s network and technology assets is critical as well. Having a partnership with Security Risk HIPAA is an invaluable asset for this, as it is when it comes to conducting the HIPAA compliance training program that your company should have in place.
In the event that a data breach does occur, the HIPAA Privacy Officer will be the point person for action moving forward. If you would like assistance in identifying the roles of this individual and the policies that will help keep your healthcare organization HIPAA compliant, contact us today!