Participate in the development, implementation, and ongoing compliance monitoring of all business associates and business associate agreements, to ensure all privacy concerns, requirements, and responsibilities are addressed.
Oversee the monitoring of data access and investigations into breaches and complaints. Working closely with information technology team members, the officer makes sure adequate controls are in place to uphold privacy requirements. Controls range from data encryption to auditing of systems for proper access control levels. An investigation of any suspected breaches is prioritized over all other duties. If a breach affecting 500 or more patients is verified, the officer must notify both the media and the U.S. Department of Health and Human Services.