privacy office/officer (HIPAA)

HIPAA's Privacy Rule requires the designation of a "privacy official" by each covered entity, to be responsible for the "development and implementation" of the policies and procedures necessary for compliance.

Covered entities must also designate a "contact person or office" to be responsible for providing information, receiving complaints and handling the administration of patients' 'records rights such as:

Note that the HIPAA Security Rule contains an equivalent requirement to designate a security official.

See also:


   © 2002-2006 Contributing authors and University of Miami School of Medicine