What are the Duties of a HIPAA Compliance Officer?
The Health Insurance Portability and Accountability Act requires that a person (or persons) within a Covered Entity or Business Associate be assigned the duties of a HIPAA Compliance Officer. This may be an existing employee, or a new position can be created to meet the requirement. It is even possible to outsource the duties of a HIPAA Compliance Officer on a temporary or permanent basis.
But, what are the duties of a HIPAA Compliance Officer? And how much work is involved? That will depend on the size of the Covered Entity or Business Associate, and the volume of Protected Health Information (PHI) it creates, uses, and maintains. In larger organizations it is often the case that the duties of a HIPAA Compliance Officer are divided between a Privacy Officer and a Security Officer.
The Duties of a HIPAA Privacy Officer
A HIPAA Privacy Officer is responsible for developing a HIPAA-compliant privacy program if one does not already exist, or – if a privacy program is already in place – for ensuring privacy policies to protect the integrity of PHI are enforced. He or she will deliver or oversee ongoing employee privacy training, conduct risk assessments and develop HIPAA-compliant procedures where necessary.
A HIPAA Privacy Officer will have to monitor compliance with the privacy program, investigate incidents in which a breach of PHI may have occurred, report breaches as necessary, and ensure patients' rights in accordance with state and federal laws. In order to fulfil the duties of a HIPAA Privacy Officer, the appointed person will have to keep up to date with relevant state and federal laws.
The Duties of a HIPAA Security Officer
The duties of a HIPAA Security Officer are similar to those of a Privacy Officer inasmuch as the appointed person will be responsible for the development of security policies, the implementation of procedures, training, risk assessments and monitoring compliance. However, the focus of a Security Officer is compliance with the Administrative, Physical and Technical Safeguards of the Security Rule.
In this respect, the duties of a HIPAA Security Officer can include such diverse topics as the development of a Disaster Recovery Plan, the mechanisms in place to prevent unauthorized access to PHI, and how electronic PHI (ePHI) is transmitted and stored. Due to the similarity in duties, the roles of a HIPAA Privacy Officer and HIPAA Security Officer are performed by the same person in smaller organizations.
Find Out More about the Duties of a HIPAA Compliance Officer
The HIPAA regulations do not define exactly what the duties of a HIPAA Compliance Officer are – instead leaving it to each Covered Entity or Business Associate to establish their own duties according to their specific requirements. Therefore, in order to effectively establish the duties of a HIPAA Compliance Officer, it is necessary to understand what those specific requirements are.
With this in mind, we have compiled a HIPAA Compliance Guide. Our guide is an overview of the key areas of HIPAA, HITECH and the Final Omnibus Rule, and how they apply to Covered Entities and Business Associates in certain circumstances. Naturally we are unable to cover every possible scenario, so we have also included links to further information and valuable resources that will help readers find answers to any questions about HIPAA compliance and the duties of a HIPAA Compliance Officer.