Touchstone Compliance

The Role of a Practice’s HIPAA Privacy Officer


Exactly when an HHS auditor will visit your office is anybody’s guess. But I do know the first words an auditor is likely to say when he/she arrives to assess how the practice is doing with HIPAA compliance: “I’m from Health and Human Services and I’d like to speak with your Privacy Officer.”

HIPAA says that every practice or healthcare organization must designate a privacy officer. No office—no matter its size—is exempt from this HIPAA requirement.

In larger healthcare organizations, it’s not uncommon for the role of HIPAA Privacy Officer to be someone’s entire job. That individual was probably hired on the basis of their extensive HIPAA know-how and compliance certifications.

But in small and medium-sized practices, the Privacy Officer typically wears other hats, as well: office manager, receptionist, assistant. It might even be you, the doctor. Or you, the dentist.

In this blog I’m going to talk about what’s expected of the person who’s the practice’s HIPAA Privacy Officer. And I’m going to start with an important quality the person in that role at a small or medium-sized practice needs to have.

The Type “H” (for HIPAA) Personality

The HIPAA Privacy Rule provides federal protections for personal health information and gives patients rights to their own Protected Health Information (PHI). In a perfect world, the person implementing this rule would be conversant in HIPAA’s requirements—state and federal. He/she would also have a background in health-records management, compliance and risk management, and be up to speed when it comes to information technology and the security issues that surround it.

Someone with all those qualifications is a rare find, even for larger organizations. So, how does a smaller office identify the staff member suited for the role of Privacy Officer?

Qualities to look for include skills in communicating, listening, problem-solving, and dealing with people. But a “willingness to learn,” in my opinion, tops the list.

An all-important step

Because the Privacy Officer is responsible for implementing the HIPAA Privacy Rule, in-depth HIPAA training for this individual is a must. Whether it’s accomplished via after-hours classes and costly seminars, or handled more economically and conveniently by services like our online training via video, the fact remains: A Privacy Officer has to know and understand the rules in order to implement them.

The duties of a Privacy Officer include: 

  • Keeping up-to-date on federal and state privacy laws
  • Creating, posting, and distributing the Notice of Privacy Practices (NPP)
  • Maintaining a record of each patient’s acknowledgment of receiving the NPP
  • Meeting requests from patients for access to their health records
  • Meeting requests from patients for corrections or changes to their health records
  • Considering requests for additional protection for, or confidential communications of, particularly sensitive health information
  • Providing information to patients or staff who have questions about HIPAA and their privacy protections
  • Dealing with complaints from patients or staff about possible HIPAA violations
  • Developing and implementing HIPAA training for the staff to foster awareness of information privacy
  • Developing, implementing, and monitoring Business Associate Agreements to ensure that privacy concerns, responsibilities, and requirements are addressed
  • Cooperating with HHS’s Office of Civil Rights (OCR) and other legal entities in any compliance reviews or investigations

Privacy of patient information isn’t a new idea

While the role of the Privacy Officer does bring with it some new administrative burdens, HIPAA’s requirements, for the most part, don’t displace already existing laws and professional codes of ethics. Protecting patient information shouldn’t be viewed as some sort of innovation, but rather as a normal and ongoing part of the covenant of trust between patient and healthcare provider.

When appropriate security and privacy policies have been put in place, and when the staff is trained and motivated to follow them, problems complying with HIPAA should be few, and the Privacy Officer’s role, a matter of routine.
