Who is your “security official”? Executives, have you named someone? Associates and colleagues, do you know who it is? To comply with the HIPAA Security Final Rule, each Covered Entity and Business Associate (and soon, likely, subcontractor) must identify a “security official” responsible for developing and implementing HIPAA security policies.

A Covered Entity under HIPAA is any health care provider, health plan, or health care clearinghouse engaged in electronic transactions involving protected health information. Virtually all health care providers are Covered Entities.  A Business Associate is any individual or organization that serves a Covered Entity and creates, receives, maintains or transmits protected health information (PHI) or electronic PHI (ePHI) in the course of delivering their services to the Covered Entity.

The HIPAA Security Final Rule Standard 45 C.F.R. § 164.308(a)(2) reads:

Standard: Assigned security responsibility. Identify the security official who is responsible for the development and implementation of the policies and procedures required by this subpart for the entity.

The security official needs a good working knowledge of the HIPAA security standards and how your organization will implement them. Identifying the security official early on and involving that person directly in the implementation process is an easy and effective way to build that working knowledge.  The security official should be responsible to a Privacy and Security oversight or governance committee comprising executive team members.

The privacy standards also required the designation of a privacy official, and depending on the size of the organization, it may be a good fit to have the same individual serving as both the privacy and security official.

The complete HIPAA Privacy and Security regulations are here.


Bob Chaput

CEO at Clearwater Compliance
Bob Chaput is widely recognized for his extensive and in-depth knowledge of healthcare compliance and cyber risk management, and is one of the industry’s leading authorities in healthcare information security today. As a leading authority safeguarding health data, Chaput has supported hundreds of hospitals and health systems to successfully manage healthcare’s evolving cybersecurity threats and ensure patient safety.