HIPAA Privacy Officer


Under HIPAA (the Health Insurance Portability and Accountability Act of 1996) every covered practice or healthcare organization must designate a privacy officer. In a typical practice or organizational setting the privacy officer may hold other titles and duties in addition to the privacy officer designation. In terms of HIPAA compliance, the privacy officer oversees all ongoing activities related to the development, implementation and maintenance of the practice/organization's privacy policies in accordance with applicable federal and state laws.


  • Education
    • A four-year college degree is required. MHA, MBA, or CPA is preferred.
    • Professional certification, e.g. a compliance or privacy certification from the HCCA (Health Care Compliance Association).
  • Experience
    • Education and experience relative to the size and scope of the organization.
    • At least 3 years' documented experience in a HIPAA compliance role.
  • Additional Requirements
    • Demonstrated skills in collaboration, teamwork, and problem-solving to achieve goals.
    • Demonstrated skills in verbal communication and listening.
    • Demonstrated skills in providing excellent service to customers.
    • Excellent writing skills.
    • A high level of integrity and trust.
    • Knowledge of HIPAA and of state and federal guidelines on privacy, transactions and security.
    • Extensive familiarity with health care legislation and standards for the protection of health information and patient privacy.
    • Health care legal, operational, and/or financial skills.

Position Responsibilities

  • Assists in the identification, implementation and maintenance of the practice/organization’s information privacy policies and procedures in coordination with his/her immediate supervisor, a Privacy Oversight Committee (if applicable in larger practices or practice groups) and legal counsel.
  • Serves in a leadership role for the Privacy Oversight Committee’s activities (if applicable in larger practices or practice groups).
  • Performs ongoing compliance monitoring activities.
  • Works with legal counsel and his/her immediate supervisor to ensure the practice/organization has and maintains appropriate privacy and confidentiality consent & authorization forms, information notices and materials reflecting current organization and legal practices and requirements.
  • Oversees, directs, delivers, or ensures delivery of privacy training and orientation to all employees, volunteers, medical and professional staff and applicable business associates.
  • Participates in the development, implementation, and ongoing compliance monitoring of all business associate agreements to ensure that all privacy concerns, requirements and responsibilities are addressed.
  • Establishes and maintains a mechanism to track access to protected health information, within the purview of the practice/organization and as required by law to allow qualified individuals to review or receive a report on such activity.
  • Oversees and ensures the right of the practice/organization’s patients to inspect, amend and restrict access to protected health information, when appropriate.
  • Establishes and administers a process for receiving, documenting, tracking, investigating, and taking action on all complaints concerning the practice/organization’s privacy policies and procedures in coordination and collaboration with other similar functions and, when necessary, legal counsel.
  • Ensures compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the practice/organization’s workforce, extended workforce, and for all business associates, in cooperation with his/her immediate supervisor, Human Resources, the information security officer and legal counsel, as applicable.
  • Initiates, facilitates and promotes activities to foster information privacy awareness within the organization and related entities.
  • Serves as a member of, or liaison to, the organization's IRB (Institutional Review Board) or Privacy Committee, should one exist. Also serves as the information privacy liaison for users of clinical and administrative systems.
  • Reviews all system-related information security plans throughout the practice/ organization’s network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department, if applicable.
  • Works with all practice/organization personnel involved with any aspect of release of protected health information to ensure full coordination and cooperation under the practice/organization's policies and procedures and legal requirements.
  • Maintains current knowledge of applicable federal and state privacy laws and accreditation standards, and monitors advancements in information privacy technologies to ensure organizational adaptation and compliance.
  • Cooperates with the U.S. Department of Health and Human Services' Office for Civil Rights (OCR), other legal entities, and organization officers in any compliance reviews or investigations.