HIPAA Privacy Officer v. Contact Person

HIPAA requires the organization assign a Privacy Officer and a Contact Person. The Privacy Officer I believe is charged with developing the procedures to bring the organization into compliance, and the Contact Person is the one to whom employees go if they have complaints.

Our Benefits Manager will be developing the policies and I have overall responsibility as Director of Human Resources. We thought that was clear, her as PO and me as CP. But, I'm wondering if the CP should be someone outside HR Dept., like the President, so that there is no perceived conflict of interest in resolving problems.

What are others doing?

Comments

Sign In or Register to comment.