Sample HIPAA Security Officer Job Description
Published on Fri Aug 29, 2003
Whether you're thinking of creating a position in your facility for a HIPAA security officer, or you're just curious what it takes to become a security rule guru, you'll want to take a look below at this sample job description developed by Kevin Beaver, CISSP, president and founder of Principle Logic in Kennesaw, GA.
Overview
The HIPAA Security Officer position for [insert your organization here] will be responsible for the management of all security policies, procedures, plans, and systems as mandated by HIPAA to ensure the confidentiality, integrity, and availability of all protected health information (PHI) handled by the organization.
Responsibilities
Ensure the ongoing integration of HIPAA security initiatives with all healthcare-related business strategies
Manage contingency planning and security incident response initiatives
Direct and develop or outsource security awareness and training initiatives
Administer periodic information risk assessments and audits according to HIPAA requirements
Work with third parties as needed to ensure that HIPAA Security Rule requirements are being met
Work with upper management to enforce security policies and hold all users accountable for their actions
General requirements for this position
Minimum 10 years of experience in working with physical and information security systems (preferably both)
Understanding of technical security systems including networking, TCP/IP, firewalls, and content filtering
Experience in developing security policies, procedures, and plans
Strong documentation and communications skills
Ability to understand and assess business risks and determine which countermeasures need to be applied
Understanding of the ISO/IEC 17799 framework
Knowledge of the HIPAA Transactions and Code Sets Rule and Privacy Rule
In-depth knowledge of the HIPAA Security Rule
CISSP, CISA, or CISM certification preferred
Source: Reprinted with permission of Kevin Beaver, CISSP, president and founder of Principle Logic in Kennesaw, GA. To view other HIPAA-related documents created by Principle Logic, go to www.principlelogic.com.