Included in the HIPAA Security Rule under Administrative Safeguards is the following requirement:

Security Personnel. A Covered Entity and Business Associate must designate a security official who is responsible for developing and implementing its security policies and procedures.

Be certain to formally appoint a Security Officer for your organization, which could also be your Privacy Officer. Clearly document their role and responsibilities, and include regular Information Security and HIPAA training for all staff.

In the event the appointed Security Officer separates from your organization, it is important to be diligent in appointing a new Security Officer as soon as possible. This role is a HIPAA requirement; it is imperative the organization stays compliant.

Security and compliance are first and foremost in the management of our clients' systems. After conducting thousands of SRAs, common vulnerabilities began to emerge. We launched HIPAA Tip Tuesday to make clients aware of what actions they can take to address these vulnerabilities.

Have a great week!