Monday, September 28, 2015

Duties of the HIPAA Compliance Security Officer

Specific responsibilities of this important role

While there are similarities between the HIPAA Compliance Privacy Officer position and the HIPAA Compliance Security Officer role, the differences are worth noting.

The HIPAA Compliance Security Officer serves as the process director for all ongoing activities that provide appropriate access to, and protect the confidentiality of, patient, provider, employee, and business information in compliance with the practice's policies and standards. Rather than the in-person exchanges of the office environment, this position is focused on the information technology side of HIPAA compliance. The designation is not optional: the Security Rule (45 CFR 164.308(a)(2), "Assigned security responsibility") requires each covered entity and business associate to identify the security official responsible for developing and implementing its required security policies and procedures.

The responsibilities of the HIPAA Compliance Security Officer include, but are not limited to:

  • Ensures that your information systems comply with all applicable federal laws and regulations.
  • Ensures that none of your information systems compromises the confidentiality, integrity, or availability of any of your other information systems.
  • Develops, documents, and ensures proper dissemination of appropriate security policies and procedures for your information systems and the data contained within them.
  • Ensures that any of your newly acquired information systems have features that support required and/or addressable Security Rule implementation specifications.
  • Coordinates the selection, implementation, and administration of your security controls.
  • Ensures that your workforce members receive regular security awareness training.
  • Conducts the periodic Risk Analysis of your information systems and security processes that the Security Rule requires, and documents its results.
  • Develops and implements an effective Risk Management program that addresses the risks the analysis identifies.
  • Regularly monitors and evaluates threats and risks to your information systems that contain electronic protected health information (ePHI).
  • Establishes audit controls that record your information systems' activity, and regularly monitors and audits those records to identify inappropriate activity.
  • Maintains an inventory of all of your information systems that contain ePHI.
  • Creates an effective security incident policy and related procedures.
  • Ensures adequate physical security controls exist to protect your ePHI.
  • Coordinates with your Privacy Office to ensure that security policies, procedures, and controls support compliance with the HIPAA Privacy Rule.
  • Evaluates new security technologies that may be appropriate for protecting your information systems that contain ePHI.

While there are some apparent differences between the HIPAA Compliance Privacy Officer and the HIPAA Compliance Security Officer, their main focus remains the same: to protect the privacy and security of all patient protected health information.

For more information on this and other HIPAA, HR, OSHA, and Medicare-related topics, please email or visit our web site at

Other articles on a related topic:

Duties of the HIPAA Compliance Privacy Officer

Proper PHI Disposal

HIPAA Violations and Social Networking