HIPAA's Privacy Rule requires the designation of a "privacy official" by each covered entity, to be responsible for the "development and implementation" of the policies and procedures necessary for compliance.

Covered entities must also designate a "contact person or office" to be responsible for providing information, receiving complaints and handling the administration of patients' 'records rights such as:

• access
• amendment
• disclosure accountings
• supplemental protections
• confidential communications
• authorizations for additional uses

Note that the HIPAA Security Rule contains an equivalent requirement to designate a security official.

See also:

• 45 CFR 164.530(a)
• Designating (and Training) a HIPAA Privacy Officer

  Last modified: 12-May-2005 [RC]