security responsibility (HIPAA)
As part of their
safeguards, covered entities must designate a "security
official," to be "responsible for the development
and implementation of the policies and procedures" required
by the HIPAA Security Rule.
As with the Privacy
Rule requirement for a Privacy
Officer, DHHS has stated that final responsibility for
security must rest with a single person: "More than one
individual may be given security responsibilities, especially
within a large organization; but a single individual must
be designated as having the overall final responsibility."
(Final Rule, p.84)