The Healthcare Insurance Portability and Accountability Act states that an individual(s) within a Covered Entity or Business Associate must be designate as the person who manages the duties of a HIPAA Compliance Officer. This may be a current employee or a new tole can be created to meet the requirement. It is even possible to outsource the role of a HIPAA compliance officer on a temporary or permanent basis.
The duties of a HIPAA Compliance Officer and the work is involved will depend on hoe big the Covered Entity or Business Associate is, and the amount of Protected Health Information (PHI) it creates, uses, and manages. In larger groups it is often the case that the duties of a HIPAA Compliance Officer are split between a Privacy Officer and a Security Officer.
HIPAA Privacy Officer Duties
A HIPAA Privacy Officer is charged with developing a HIPAA-compliant privacy program if one is not already in place, or – if a privacy program already exists – for ensuring privacy policies to safeguard the integrity of PHI are enforced. They will deliver or manage ongoing employee privacy training, carry out risk assessments and develop HIPAA-compliant procedures where needed.
A HIPAA Privacy Officer will have to review compliance with the privacy program, look into incidents in which a breach of PHI may have taken place, report breaches as necessary, and ensure patients´ rights in accordance with state and federal legislation. In order to complete the duties of a HIPAA Privacy Officer, the appointed indidividual will have to keep up-to-date with relevant state and federal laws.
HIPAA Security Officer Duties
The duties of a HIPAA Security Officer are not massively different to those of a Privacy Officer inasmuch as the appointed person will be charged with the development of security polices, the implementation of procedures, training, risk assessments and policing compliance. However, the focus of a Security Officer is compliance with the Administrative, Physical and Technical Safeguards of the Security Rule.
In relation to this, the duties of a HIPAA Security Officer can include such wide ranging topics as the development of a Disaster Recovery Plan, the mechanisms in place to stop unauthorized access to PHI, and how electronic PHI (ePHI) is transmitted and saved. Due to the similarity in duties, the roles of a HIPAA Privacy Officer and HIPAA Security Officer are normally by the same person in smaller groups.
Becoming HIPAA Compliant in Seven Steps
- Set up and enforce policies and procedures.
- Hire or designate a HIPAA Compliance Officer.
- Carry out effective employee and management training.
- Put in place effective channels of communication.
- Complete internal monitoring and auditing.
- React to breaches and undertake corrective action.
- Review policies and procedures and amend as necessary.
HIPAA Compliance Officer Job Description
- The individual hired or designated the role of a HIPAA Compliance Officer must have an in depth knowledge of the HIPAA Privacy and Security Rules and the solutions available that will allow him or her to set up a HIPAA compliance program.
- Once a HIPAA compliance program has been set up, the Compliance Officer should record progress towards its implementation. In order to accomplish this, a system should be established that allows the Officer to review the status of the organization´s HIPAA compliance.
- The system should permit the HIPAA Compliance Officer to dedicate efforts towards compliance and communicate priorities. It should also enable compliance concerns can be raised and organizational changes collaborated on.
- The HIPAA Compliance Officer is charged with for developing training programs and implementing training courses. These should be set up to help workers understand HIPAA compliance and how any changes implemented will affect their particular duties.
- The HIPAA Compliance Officer is charged with monitoring HHS´ and the state’s regulatory obligations. When new regulations or guidelines are enacted, the Officer must adjust the group’s HIPAA compliance program in line with this.