Q: May a healthcare system consisting of multiple hospitals on separate campuses appoint a single HIPAA security officer to act for all of them, or should each site have its own security officer?
HIPAA Weekly Advisor, August 4, 2008
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
A: HIPAA does not require a security officer for each facility in an organization’s system, regardless of the size or number of facilities. The entire healthcare delivery system, and not its individual component hospitals, is the covered entity.
Some multisite organizations appoint one overall chief security officer and site-specific security officers (e.g., security technicians who report to the chief security officer). Other large multistate systems appoint one chief security officer and an assistant security officer for each state because each state may have multiple hospitals and other care settings. Assigning an individual to oversee each site or multiple sites in proximity (e.g., same city or metropolitan area) to monitor security is advisable, but appointing a chief security officer for each facility is unnecessary.
Editor's note: Chris Apgar, president of Portland, OR-based Apgar & Associates, LLC, answered this question. This is not legal advice. Consult your attorney on legal matters.
Want to receive articles like this one in your inbox? Subscribe to HIPAA Weekly Advisor!
Comments
0 comments on “Q: May a healthcare system consisting of multiple hospitals on separate campuses appoint a single HIPAA security officer to act for all of them, or should each site have its own security officer? ”
Related Products
Most Popular
- Articles
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- Catch up on what's new with injections and infusions
- Identify potential Medicaid RAC target areas
- HIPAA Q&A: Level of encryption needed for email
- Topic: CMS, OESS post new security compliance review information, checklist
- Capturing all necessary codes for IUD insertion and removal can be challenging
- What does case-mix index mean to you?
- OB services: Coding inside and outside of the package
- QA:Coding multiple initial infusions
- E-mailed
-
- Q/A: Volume requirement for reporting hydration services
- Featured blog post: Nurses face felony charges after reporting physician to the Texas Medical Board
- HIPAA Q&A: Level of encryption needed for email
- Q&A: Follow CMS' coding guidelines when using modifier -25
- What does case-mix index mean to you?
- Catch up on what's new with injections and infusions
- CMS has reformulated payments for some bilateral procedures
- New conflicts of interest create new challenges
- Q/A. One injection code or two?
- ED-to-inpatient transfers are flawed with safety gaps
- Searched