HIPAA Privacy Officer v. Contact Person

Caroliso · March 2003

HIPAA requires the organization assign a Privacy Officer and a Contact Person. The Privacy Officer I believe is charged with developing the procedures to bring the organization into compliance, and the Contact Person is the one to whom employees go if they have complaints.

Our Benefits Manager will be developing the policies and I have overall responsibility as Director of Human Resources. We thought that was clear, her as PO and me as CP. But, I'm wondering if the CP should be someone outside HR Dept., like the President, so that there is no perceived conflict of interest in resolving problems.

What are others doing?

Boo · March 2003

Are you a "covered entity"?

Caroliso · March 2003

>Are you a "covered entity"?

Only for our health FSA.

LindaS · March 2003

I just went to a meeting regarding HIPAA today and was informed that the contact person and the privacy official can be the same person and they can be someone in HR as long as that person does not make the final decisions regarding hiring, firing, promotions, etc.. If this is not the case and this person does have the authority to make these decisions, you need to have clearly written policies regarding the handling of this information.

HIPAA Privacy Officer v. Contact Person

Comments