The Health Insurance Portability and Accountability Act requires that one or more individuals within a Covered Entity or Business Associate be assigned the duties of HIPAA Compliance Officer. The individual filling this role can be an existing employee, or a new position can be created to fulfill the requirement. Alternatively, the duties of a HIPAA Compliance Officer may be outsourced on a temporary or permanent basis.
The duties of a HIPAA Compliance Officer, and how much work is involved, will be contingent on the size of the Covered Entity or Business Associate and the volume of Protected Health Information (PHI) it creates, uses and manages. In larger organizations it is often the case that the responsibilities of a HIPAA Compliance Officer are split between a Privacy Officer and a Security Officer.
The Responsibilities of a HIPAA Privacy Officer
A HIPAA Privacy Officer is charged with developing a HIPAA-compliant privacy program if one is not already in place or, if a privacy program already exists, with making sure that the policies governing the use and disclosure of PHI are adhered to. They will deliver or oversee ongoing staff privacy training, carry out risk assessments and formulate HIPAA-compliant procedures where needed.
A HIPAA Privacy Officer will have to review compliance with the privacy program, investigate incidents in which a breach of PHI may have occurred, report breaches as required, and uphold patients' rights in accordance with state and federal legislation. In order to fulfil the responsibilities of a HIPAA Privacy Officer, the appointed person will have to remain up to date with relevant state and federal legislation.
The Responsibilities of a HIPAA Security Officer
The duties of a HIPAA Security Officer are not drastically different from those of a Privacy Officer, in that the appointed person will be responsible for the development of security policies, the implementation of processes, training, risk reviews and monitoring compliance. However, the focus of a Security Officer is compliance with the Administrative, Physical and Technical Safeguards of the Security Rule, which apply to electronic PHI (ePHI).
Because of this, the duties of a HIPAA Security Officer can include such diverse topics as the development of a Disaster Recovery Plan, the mechanisms in place to prevent unauthorized access to ePHI, and how ePHI is transmitted and shared. Due to the similarity in responsibilities, the roles of HIPAA Privacy Officer and HIPAA Security Officer are often carried out by the same person in smaller organizations.
HIPAA Compliance Officer Job Description
- The person hired to the role of HIPAA Compliance Officer must have an extensive knowledge of the HIPAA Privacy and Security Rules, and of the available solutions, in order to formulate a HIPAA compliance program.
- Once a HIPAA compliance program has been formulated, the Compliance Officer should record progress towards its adoption. To make this possible, a system should be established that allows the Officer to monitor the status of the organization's HIPAA compliance.
- The system should permit the HIPAA Compliance Officer to prioritize compliance efforts and communicate those priorities. It should also act as a conduit through which compliance concerns can be raised and organizational changes coordinated.
- The HIPAA Compliance Officer is charged with developing training programs and running training courses. These should be designed to help staff understand HIPAA compliance and how any changes adopted will affect their specific responsibilities.
- The HIPAA Compliance Officer is charged with reviewing HHS' and the state's regulatory obligations. When new regulations or guidelines are introduced, the Officer must adjust the organization's HIPAA compliance program to incorporate these amendments.