Ensure compliance with privacy practices

Ensure compliance with privacy practices and consistent application of sanctions for failure to comply with privacy policies for all individuals in the organization’s workforce and extended workforce, and for all business associates, in cooperation with Human Resources, the information security officer, administration, and legal counsel as applicable. Establish, maintain, and ensure compliance with written policies and practices that protect individuals’ privacy and the confidentiality of Personal Health Information applicable to their areas of responsibility. The chief privacy officer acts as counsel in response to a privacy disclosure incident. Because privacy laws and regulations continue to evolve through the actions of courts and regulators on an almost daily basis, an organization may seek services from a legal professional who specializes in the organization’s industry.

Source:
http://www.interniaudit.cz/download/ippf/GTAG/gtag_5_managing_and_auditing_privacy_risks.pdf