The Requirements and Responsibilities of a HIPAA Security/Privacy Officer

Howard Jones has been an independent consultant to physicians and hospitals since 1980. He has provided services related to practice management and regulatory compliance issues, selection of billing/EMR systems, and the design of EMR templates for practices and EMR vendors. He has focused on providing services related to healthcare regulations since 1992.

He is the author of a 1992 manual called the Physicians’ Medicare Coding/Documentation Guide. This publication served as the handout for a training seminar he developed to assist physicians in learning how to be compliant with the new E&M coding and documentation guidelines introduced in 1992.

He has also been a contributor to other health care business publications, including:
•Business Aspects of Medical Practice
•The Encyclopedia of Medical Practice Management
•Part B Billing
•Make Medicare Work for You
•Physicians Fee and Coding Guide (1997-99) He has authored training seminars and conducted them hundreds of times for physicians and hospitals across the country. These seminars included: •Coding & Billing - Do It Right The First Time •E&M Documentation - Do It Right The First Time
•A Systems Approach to Managed Care •Medical Practice Management - A New Perspective •What Does It Really Take to Qualify for Meaningful Use Funds?
•Healthcare Quality - How Do You Measure It? He authored and conducted a presentation for 100 MBA students at Nanjing University in Nanjing, China in December 2007. The title of this presentation was … Are You One of China’s Future Leaders? He is currently the President of two small businesses –
•HJones & Associates LLC, a consulting business that provides services to both the healthcare and business world – writing blogs, website audits, copywriting services, webinars on HIPAA, etc. •Compliance Checkup LLC, a business that has develop a new and “disruptive” technology – a Cloud-based Regulatory Education, Testing, & Compliance Tracking System that will soon be available to the business world.

Course Description:

Discussions, presentation, and webinars regarding HIPAA regulations are usually addressed from the perspective of what the regulations entail, the necessity of compliance with the regulations, and the consequences of willful neglect or non-compliance.

This presentation addresses HIPAA regulations from a different perspective – from a personal perspective – from the perspective of the person in charge of moving an organization or facility toward full compliance with HIPAA. The by-product of this presentation will be both an understanding of, and a detailed job description for, a position mandated in the regulations – the HIPAA Security/Privacy Officer.

Course Objective:

The HIPAA regulations are numerous, complicated, often vague, and affect every person working in a healthcare facility. Compliance with HIPAA will require a unique individual to lead the charge – an individual whose education, background, experience, and demonstrated skill sets offer the opportunity for that person to succeed in achieving the goals of that position. This is a new position to most healthcare facilities. So the objective of this presentation is for the audience to understand:

• Who this person should be
• What is required of the person with this job title
• With whom this person will interface 

Course Outline:

This presentation dives deep into the three (3) key things on which the HIPAA Security/Privacy Officer must focus.

• Position goals
• Position requirements (education, experience, skill sets, etc.)
• Position responsibilities -
• Stay abreast of regulations
• Initiate compliance with HIPAA (according to regulations)
• Ensure continuous progress toward full compliance
• Develop appropriate security/privacy policies & procedures
• Oversee and deliver appropriate training programs to all employees
• Track compliance with HIPAA regulations at the facility & individual levels
• Track access to PHI
• Investigate and resolve HIPAA violations
• Apply sanctions to HIPAA violators
• Manage any information security personnel
• Prepare a department budget
• Hold Business Associates accountable for their own compliance with HIPAA …. and the list goes on

Target Audience:

This 60-minute presentation will be of value to the following:

• Someone who is interested in becoming a HIPAA Security/Privacy Officer
• Someone who will make the decision for hiring a person for this position
• Practice/Hospital Administrators
• MDs and healthcare professionals
• IT professionals
• Facility managers
• Business Associates of healthcare facilities
• Attorneys
• Any person who deals directly or indirectly with PHI