Welcome to the ProHIPAA for Leaders course. If you've just taken the General HIPAA course, you likely have a solid foundation on HIPAA already. In this introductory lesson, we'll be going over what you can expect to learn in this course and what your course objective will be. And at the end of the lesson, we'll provide you with a Word about HIPAA Privacy Officers and HIPAA Security Officers.

If your business or organization is in the healthcare industry and works as a covered entity or business associate, you're required to have annual HIPAA compliance training for you and your staff. You're also required to conduct periodic risk assessments and have a Book of Evidence on hand that outlines your practice or organization's policies and procedures.

In the course, you'll learn about what it takes to be an effective privacy officer, compliance officer, and trusted business associate.

What You Can Expect to Learn

In your ProHIPAA for Leaders course, you'll learn the following:

  • Why risk assessments are required
  • About the HITECH Act of 2009
  • About the Omnibus Rule of 2013
  • About the importance of customized policies and procedures to create your Book of Evidence
  • Why business associate agreements are required
  • About the types of violations we often see in the healthcare industry today
  • Why you – as a compliance officer or privacy officer – are key to ensuring your business or organization becomes compliant
  • How to handle complaints and audits from the Office for Civil Rights or attorneys

Your Course Objective

The objective of ProHIPAA for Leaders is to train you on how to properly handle PHI, ePHI, and a data breach. Or better yet, how to reduce your chances of a data breach.

A Word About HIPAA Privacy Officers and HIPAA Security Officers

If you just completed the General HIPAA course at ProHIPAA, you may recall some additional information on the duties of a HIPAA Compliance Officer. You might also remember how those duties can be handled by one person or shared – in smaller organizations and businesses – with the person (or people) responsible for privacy and security duties.

In this Word, we're going to look at duties for both HIPAA Privacy Officers and HIPAA Security Officers for larger businesses and organizations that have one or more people in each of those positions.

HIPAA Privacy Officer

A HIPAA Privacy Officer is responsible for developing a privacy program that is HIPAA compliant if one doesn't already exist. Or, if your business already has a privacy program in place, a privacy officer is in charge of ensuring that all privacy policies to protect the integrity of PHI are enforced.

Among the duties of a HIPAA Privacy Officer are:

  • Overseeing or developing ongoing employee privacy training
  • Conducting risk assessments
  • Developing HIPAA-compliant procedures where necessary
  • Monitoring compliance with the privacy program
  • Investigating incidents in which a breach of PHI may have occurred
  • Reporting breaches as necessary
  • Ensuring patients' rights in accordance with state and federal laws

In order to fulfill the duties of a HIPAA Privacy Officer, the appointed person will have to keep up to date with relevant state and federal laws.

HIPAA Security Officer

The duties of a HIPAA Security Officer are quite similar to those of a privacy officer, but with a security focus rather than privacy. The appointed person will be responsible for:

  • Developing security policies
  • Implementing procedures, training, and risk assessments
  • Monitoring compliance with the security policies

However, the focus of a HIPAA Security Officer is compliance with the Administrative, Physical, and Technical Safeguards of the Security Rule.

In this respect, the duties of a HIPAA Security Officer can include such diverse topics as the development of a Disaster Recovery Plan, the mechanisms in place to prevent unauthorized access to PHI, and how ePHI is transmitted and stored.

Due to how similar these duties are, the roles of a HIPAA Privacy Officer and HIPAA Security Officer are often performed by the same person in smaller organizations and businesses. And in even smaller businesses, one person could be in charge of handling the duties of a HIPAA Compliance Officer as well.