September 19, 2013

Question:

Jennifer,
How do I know who to choose in my practice as the Privacy Officer?
Thanks,
Dr. J

Answer:

There are a few answers to this question, and not necessarily a correct answer in the bunch.  I cannot tell you who should automatically qualify as the Privacy Officer, but answers include: (1) the practice owner or a managing partner; (2) the individual versed in the privacy laws and responsible for staying up to date; or (3) the individual responsible for resolving patient HIPAA issues.  In some practices the individual qualifying for each point set forth above is the same person; for many practices there is not one person meeting each of the 3 requirements set forth above, and the decision of who to anoint Privacy Officer is more difficult.  If the latter describes your practice arrangement, let me take this opportunity to caution against forcing this responsibility upon an unwilling employee, or an individual who has not been with the practice for an extended period of time with experience in compliance.  Another consideration when selecting your privacy officer, remember - the practice owner is the captain of the ship and will be held responsible should the practice not remain in compliance (and discovered), and therefore, may be the best person to be named as the responsible party.