Rule requires the designation of a "privacy official"
by each covered entity,
to be responsible for the "development and implementation"
of the policies and
procedures necessary for compliance.
must also designate a "contact person or office"
to be responsible for providing information, receiving complaints
and handling the administration of patients' 'records rights
Note that the HIPAA
Security Rule contains
an equivalent requirement to designate a security