
A Deeper Look Into Your Organization’s HIPAA Compliance Officer


What is a HIPAA Compliance Officer and What Do They Do?

Hello. My name is Brian Largent, and this is another episode of Three Minute Thursday. Today I’m going to be talking about your organization’s HIPAA compliance officer. If you’re not familiar with what a HIPAA compliance officer is, this will probably shine a little light on it, and if you are familiar with it, hopefully this will give you some understanding of what the officer’s roles are, their responsibilities, and how they can help protect your organization. Let’s dive in.

Officer Authority

The first thing to understand about being a HIPAA compliance officer is that if you do not have authority, you are not a HIPAA compliance officer. Without authority, you will not be able to make the changes necessary to protect your patients’ electronic protected health information. Once you’ve given your compliance officer authority to go along with the responsibility, you then need to put in place accountability. How are you going to verify that your HIPAA compliance officer is doing their job properly?

Officer Responsibilities

Later in this video I’ll get into the accountability side, but for now let’s talk about responsibility. I’ve listed many of the common responsibilities of a HIPAA compliance officer on the screen. You’re welcome to read through those. I’m going to cover a few of them at a high level. The number one responsibility of the HIPAA compliance officer is to maintain the HIPAA compliance handbook, or policy handbook. That handbook stipulates how the organization handles EPHI. It’s going to cover things like password policy and the movement of electronic protected health information from one system to another, across the network or across town to a different clinic.

The handbook will also need to be updated regularly to match changes in the organization as well as changes in regulation. Another important responsibility of the compliance officer is to ensure that employees receive the proper training to know how to handle electronic protected health information, and that they understand the ramifications of not handling EPHI to the organization’s standards.

The compliance officer must also administer the process for investigating and acting on privacy and security complaints. For example, if an employee lost a laptop that may have contained electronic protected health information, the compliance officer would need to be able to do the research to determine whether information was, in fact, lost and, if so, report that loss to the Office for Civil Rights and mitigate any fallout caused by it.

The compliance officer must also monitor federal regulations so that the organization can react to them in a timely manner. By now, you’re probably thinking to yourself, “Even with training, when am I going to find the time to do all these tasks, to gather all this information and knowledge?” Well, that brings us to Brian’s blueprint for HIPAA compliance. The first thing you’re going to do is partner with an IT company that will perform a thorough risk assessment of your organization. That risk assessment will become the building blocks for getting your organization into compliance. All the discrepancies it finds will need to be put into a plan over a set period of time and then be mitigated.

The next thing you’re going to do is partner with a third-party compliance program provider. These are organizations that have written thousands of different policy handbooks, have worked with organizations just like yours, and can quickly get a policy handbook together that matches the way your organization operates. They’re also going to assist you going forward with documenting changes in your organization year over year. I said I’d come back to accountability, so here we are. The last thing you’re going to do is perform regular risk assessments, at least annually and possibly quarterly, depending on the size of your organization and the amount of change that goes on.

In conclusion, being a HIPAA compliance officer is a very daunting task. We strongly encourage you to utilize third-party organizations to make this task a little smoother and a little easier on you, so that you can get back to the full-time job you had before you were given this title. If you have any questions or concerns, contact us. My name is Brian Largent. This has been another Three Minute Thursday. Have a great rest of your week.

Brian Largent