Who are HIPAA Compliance Officers and Why Do You Need Them?

Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA), every HIPAA-compliant organization should have HIPAA Compliance Officers. They can be on-site employees or outsourced specialists. But what are they responsible for, and why do you need them? Let’s discuss!

In large companies, there are two types of HIPAA Compliance Officers: the HIPAA Privacy Officer and the HIPAA Security Officer. In small companies, it often makes no sense to hire two different specialists, so the responsibilities of the two roles merge into one. As a result, the Privacy Officer and the Security Officer can seem very similar at first glance, but they actually have critical differences.

About HIPAA Privacy Officer

The HIPAA Privacy Officer is responsible for creating a HIPAA-compliant privacy program if the company does not already have one. If it does, they maintain the confidentiality policies to prevent PHI from leaking. The HIPAA Privacy Officer also has to conduct or oversee HIPAA training for co-workers and manage threat and risk assessment. Their additional duties are to detect data breaches, notify the necessary authorities if needed, and keep up with new patient privacy laws.

About HIPAA Security Officer

HIPAA Security Officers have similar responsibilities to HIPAA Privacy Officers. They are also responsible for conducting HIPAA training, managing risk assessment, and so on. But they focus more on the administrative and physical safeguards of the Security Rule. They have to implement new technologies to improve PHI security, create a recovery plan for the company in case of a major error, prevent unauthorized access to PHI, and figure out how to store and transmit ePHI.

Abilities and Skills to Become a HIPAA Compliance Officer

Anyone who wants to hire a HIPAA Compliance Officer, or to become one, wants to know what abilities a candidate must have for this position. Clear criteria help you decide whether to hire such a worker or choose one from your team. Generally, a HIPAA Compliance Officer should have:

  • a degree in the healthcare field
  • strong organizational, communication, and analytical skills
  • the ability to work in a team
  • familiarity with laws in the healthcare field
  • knowledge of PHI protection standards

You can extend this list with many more qualities. But it is enough to picture your ideal candidate or, if you want to become that candidate, to complement your CV. It is even possible to create a small job description based on the two previous paragraphs.

HIPAA Trends in 2022

A good HIPAA Compliance Officer should stay up to date with all HIPAA trends and policies. Here are the main new regulations in 2022:

  • Patients are allowed to inspect their health data on their own and to take photos or notes of their PHI;
  • The maximum time to provide PHI is shortened from 30 to 15 days;
  • Patients are permitted to request that their PHI be transmitted to a personal health application;
  • The situations in which ePHI should be provided for free were determined;
  • Organizations have to inform individuals that they have the right to share their PHI with third parties when they are shown only a summary instead of a copy of the PHI;
  • Individuals’ requests to transmit ePHI to third parties will be limited to ePHI stored in an EHR;
  • HIPAA-compliant organizations and companies should list indicative fees for access to PHI and for copies of it on their websites;
  • HIPAA-compliant organizations and companies should give an individual assessment when providing a PHI copy to a person;
  • Providers of medical services and health plans should respond to requests for records from other healthcare providers and health plans if an individual asks those organizations to do so in accordance with the HIPAA Right of Access;
  • Covered organizations will receive permission to use and disclose PHI in a certain way based on their strong belief that it is in a patient’s interest, and many more.

What If HIPAA Compliance Officers Fail Their Duties?

Whether your HIPAA Compliance Officer is outsourced or on-site, it is the responsibility of senior staff to uphold HIPAA requirements. They should communicate with each other regularly to share information about efforts to maintain HIPAA compliance.

If you still have questions regarding HIPAA Compliance Officers’ responsibilities or want to share your thoughts on this topic, leave a comment below 🙂
