
Understands all the privacy and
security requirements of HIPAA, as well as business aspects
and the technology information systems.
May appoint an additional person to
assist and oversee the compliance of the privacy entities.
Implements policies and
procedures to ensure that XYZ Company maintains appropriate
privacy and confidentiality, authorization forms, awareness
training and updated information reflecting legal procedures
and requirements of the HIPAA standards.
Update, revise and maintain all
forms used to follow the correct procedures of the HIPAA
regulations.
Maintain all business associate
agreements and trading partner agreements to ensure the
privacy of all disclosed participant information.
Maintain and monitor the master
key access to all entrance and exit doors, storage rooms,
participant files, employee files, and procedures for
changing these items.
Promptly change policies and
procedures to comply with changes in the law. Conduct
periodic staff meetings to review current privacy
procedures, instruct the staff on new privacy policies, and
allow the office staff to comment on, or offer suggestions
to maintain compliance regarding privacy issues.
Establish and administer a
process for receiving, documenting, reporting and taking
action on all complaints concerning privacy provisions.
Computers with modems or cable
lines must be firewalled to prevent unauthorized use or
disclosure of information.
Filing cabinets containing PHI or
financial information should be closed, locked or otherwise
inaccessible to others.
All work areas containing health
information and employment records should not be accessible
to the public at any time.
Office will maintain and monitor
the HIPAA Administrative Compliance manual which contains
records, contracts, agreements, passwords, security codes,
etc.
Maintain a log of all complaints,
actions and staff sanctions for any and all breaches of
privacy and confidentiality.
Develop a disaster plan in the event
records are lost due to disasters, theft, fire or other
unforeseen situations involving the loss of PHI or financial
information.
All required records and logs are
to be maintained for a period of six years following the
creation date or last date in effect.

HIPAA Administration
Send Certificates of Creditable Coverage upon any loss of coverage.
Send annual Special Enrollment Notifications.
