Per HIPAA, it is required that privacy personnel are designated within your practice. You can hire new personnel, train a current employee, or pay a HIPAA consultant.
Keep in mind that there are many areas the privacy personnel will oversee, but not limited to:
The designated policy personnel will also play a role in helping you and your staff understand the following:
This focuses on internal organization, policies, procedures, and maintain security measures to protect patient health information. This is the true foundation of the three safeguards with the Workforce Security Standard being a subset.
Under this standard, practices should ensure that all members have appropriate access to electronic PHI and prevent those that shouldn’t get access. An example of this is, implementing policies and procedures on computer access and password management.
This standard is where you must ensure physical measures, policies, and procedures are enacted to protect electronic information systems, related buildings and equipment, natural and environmental hazards, and unauthorized intrusion.
A common subset of this safeguard is Workstation Security, which is ensuring that employees are authorized to access certain programs and that the same programs are non-accessible to non-employees.
The primary focus is to implement policies and procedures to protect electronic health information and control access to it.
Transmission Security Standard is a subset of this safeguard in which the practice should implement measures to guard against unauthorized access through the network. A good example of this is not allowing anyone to modify or destroy electronic information unless they are authorized. Also, data encryption should be utilized for certain information.
Remember, covered entities must maintain records of their policies and procedures or any other action/activity for at least six years.
**The opinions and observations from the group/author are not a promise to exempt your practice from fines and penalties. Research, modify, and tailor the advice to fit your specialty.