Do you know who your privacy and security officers are?
Executives, have you named these individuals? Associates and colleagues, do you know who your Privacy Officer and Information Security Officer are? To comply with the HIPAA Security Final Rule, each Covered Entity and Business Associate must identify a “security official” responsible for developing and implementing HIPAA security policies. Additionally, each Covered Entity must designate a Privacy Officer.
The security official needs a good working knowledge of the HIPAA standards and how your organization will implement them. Identifying these officials early on and involving that person directly in the implementation process is an easy and effective way to build that working knowledge. These officials typically report to a Privacy and Security oversight or governance committee comprising executive team members.
Who are your Information Security Officer and Privacy Officer?