Professional Documents
Culture Documents
Appointment and Responsibilities of HIPAA Privacy Officer
Appointment and Responsibilities of HIPAA Privacy Officer
Revision History
EXT/HIPAA/ARHPO/01 Page 1 of 4
Appointment & Responsibilities of HIPAA Privacy Officer
Reference 45 CFR Part 164.530 Ver. No. 1.0
1. Objective
The purpose is to appoint the Privacy Officer at Exterprise and define the
responsibilities.
2. Scope
This policy applies to all Exterprise workforce members including, but not limited to
full-time employees, part-time employees and appointing senior management of the
Organization.
3. Process Overview
In terms of HIPAA compliance, the privacy officer shall oversee all ongoing activities
related to the development, implementation and maintenance of the
practice/organization’s privacy policies in accordance with applicable federal and
state laws.
4. Policy
Exterprise will appoint a HIPAA Privacy Officer to oversee the compliance with the
HIPAA Privacy Rule.
Understand the HIPAA Privacy Rules and how it applies within each
Covered Component.
Develop appropriate policies and procedures to comply with the
HIPAA Privacy Rules.
EXT/HIPAA/ARHPO/01 Page 2 of 4
Appointment & Responsibilities of HIPAA Privacy Officer
Reference 45 CFR Part 164.530 Ver. No. 1.0
4.2 Retention:
Every policy and procedure revision/replacement will be maintained for a
minimum of six years from the date of its creation or when it was last in effect,
whichever is later. Other Exterprise requirements may stipulate a longer
retention; HIPAA Audit information and logs relevant to security incidents must
be retained for six years.
4.3 Compliance:
Failure to comply with this or any other privacy policy will result in disciplinary
actions. Legal actions also may be taken for violations of applicable regulations
and standards such as the HIPAA Privacy Rule and others.
4.4 References
EXT/HIPAA/ARHPO/01 Page 3 of 4
Appointment & Responsibilities of HIPAA Privacy Officer
Reference 45 CFR Part 164.530 Ver. No. 1.0
HIPAA Final Privacy Rule, 45 CFR Part 164.514(h), Department of Health and
Human Services,
http://www.hhs.gov/ocr/privacy/hipaa/administrative/privacyrule/August
14, 2002.
HIPAA Breach Notification Rule:
http://www.hhs.gov/ocr/privacy/hipaa/administrative/breachnotificationrule
/
Health Information Privacy, Security, and EHR
http://www.healthit.gov/providers-professionals/ehr-privacy-security
Achieve Meaningful Use: Protect Electronic Health Information
http://www.healthit.gov/providers-professionals/achieve-meaningful-
use/core-measures/protect-electronic-health-information
http://www.healthit.gov/providers-professionals/achieve-meaningful-
use/core-measures-2/protect-electronic-health-information
EXT/HIPAA/ARHPO/01 Page 4 of 4