Appointing Your HIPAA Compliance Officer
The Health Insurance Portability and Accountability Act (HIPAA) Security Rule requires Business Associates to formally designate a Compliance Officer, who will be responsible for managing the security of protected health information (PHI).
Your HIPAA Compliance Officer’s job description needs to outline responsibilities for establishing and maintaining HIPAA-compliant mechanisms. This is necessary to ensure the confidentiality, integrity, and accessibility of the healthcare information systems and any electronic PHI they are entrusted with.
These responsibilities will vary according to the nature and size of your organization.
With that said, let me take this opportunity to tell you that it does NOT matter what size you are or what you do. Even if YOU are the only one who does everything, YOU are still required to implement each of the HIPAA requirements.
Who Can It Be Now?
Identify who in your organization has a passion for technology and a desire to keep PHI secure: THIS INDIVIDUAL MAKES THE BEST data security champion!! Remember: this does NOT have to be someone with an Information Technology degree!!
You could outsource your HIPAA Compliance activities and designate a consultant as your HIPAA Security Officer.
Don’t forget to document your choice; the auditor will ask for it!!
Did you know?
Your HIPAA Compliance Officer is responsible for implementing the following:
- Analyze risks, threats, and vulnerabilities to PHI from internal and external factors.
- Develop and implement policies and procedures to ensure the confidentiality, integrity, and availability of the electronic PHI in your organization.
- Adopt security policies and procedures, and be responsible for training the workforce on how to keep PHI secure.
Don’t forget to perform due diligence on any third-party vendor that creates, receives, maintains, stores, or transmits PHI; each such vendor is required to have a current, signed Business Associate Agreement (BAA) or subcontractor agreement on file BEFORE exchanging ANY PHI.
Remember: ANYONE who has access to PHI and whom you pay via a 1099 is a Business Associate!!
Covered Entities and Business Associates need to understand that patients are entrusting YOU with their most private and intimate details, and they expect it to remain secure.
After all, it is YOUR practice, YOUR patient’s trust, YOUR reputation, and YOUR legacy!
Why are you leaving yourself wide open to these risks?
Now I ask you …
Have YOU done YOUR third-party due diligence review?
For more about how to develop your due diligence review program, schedule a call with us today!