HIPAA Security Officer Services (HIPAA SOS)

HIPAA Compliance Services for Covered Entities & Business Associates

Our HIPAA Security Officer Services will implement and support information security initiatives throughout your organization. BC Cloud Solutions will act as a focus and resource for your organization’s HIPAA Compliance & information security matters.

HIPAA Security Officer Services (HIPAA SOS):

HIPAA Security Officer Services (HIPAA SOS)

BC Cloud Solutions will work with those in corresponding roles at the organization group practices and at organization Health System sites. BC Cloud Solutions will take direction from the HIPAA Sponsor and work closely with the HIPAA Privacy Officer to achieve the goals of the organization. BC Cloud Solutions will investigate and recommend secure solutions that implement information security policy and standards. BC Cloud Solutions will coordinate the Office of Information Security activities and manage IT staff. BC Cloud Solutions will oversee, implement and monitor the security requirements levied by Federal and State Rules and Regulations.

HIPAA Security Officer Responsibilities:

  • Responsible for the management and oversight of the information security of individually protected health information (PHI).
    • Maintain current and appropriate body of knowledge necessary to perform the information security management function.
    • Effectively apply information security management knowledge to enhance the security of the open network and associated systems and services.
    • Maintain working knowledge of legislative and regulatory initiatives. Interpret and translate requirements for implementation.
    • Develop appropriate information security policies, standards, guidelines and procedures.
    • Develop & manage Business Associate Agreements for the organization
    • Develop & maintain HIPAA Policies & Procedures for the organization
    • Develop & maintain a Notice of Privacy Practices (NPP)
    • Work effectively with the Information Privacy Officer, should one exist, other information security personnel and the committee process.
    • Provide meaningful input, prepare effective presentations and communicates information security objectives.
    • Participate in short and long term planning.
    • Monitor Information Security Program compliance and effectiveness in coordination with the entity’s other compliance and operational assessment functions.
    • Oversee, direct, deliver, or ensure delivery of initial security training and orientation to all employees, volunteers, medical and professional staff, contractors, alliances, business associates, and other appropriate third parties.
    • Establish with management and operations a mechanism to track access to protected health information, within the purview of the organization and as required by law and to allow qualified individuals to review or receive a report on such activity.
    • Ensure compliance with security practices and consistent application of sanctions for failure to comply with security policies for all individuals in the organization’s workforce, extended workforce, and for all business associates, in cooperation with Human Resources, the information privacy officer, administration, and legal counsel as applicable.
    • Initiate, facilitates and promotes activities to foster information security awareness within the organization and related entities.
    • Serve as a member of, or liaison to, the organization’s Privacy Committee, should one exist. Also serve as the information security liaison for users of clinical and administrative systems.
    • Review all system-related information security plans throughout the organization’s network to ensure alignment between security and privacy practices, and acts as a liaison to the information systems department.
    • Conduct investigations of information security violations and computer crime. Works effectively with management and external law enforcement to resolve these instances.
    • Review instances of noncompliance and works effectively and tactfully to correct deficiencies.
    • Maintain current knowledge of applicable federal and state privacy laws and accreditation standards, and monitors advancements in information security technologies to ensure organizational adaptation and compliance.
    • Serve as information security consultant to the organization for all departments and appropriate entities.
    • Cooperate with the Office of Civil Rights, other legal entities, and organization officers in any compliance reviews or investigations.
    • Work with organization administration, legal counsel, and other related parties to represent the organization’s information security interests with external parties (state or local government bodies) who undertake to adopt or amend privacy legislation, regulation, or standard.
    • Certify that IT systems meet predetermined security requirements.
    • Strive to maintain high system availability.
  • Responsible for the management of information security personnel
    • Consult on & recommend positions and personnel necessary to accomplish information security goals. Request positions, screen personnel and take the lead in the interviewing and hiring process.
    • Develop meaningful job descriptions. Communicate expectations and actively coach personnel for success.
    • Prioritize and assign tasks. Review work performed. Challenges staff to better themselves and advance the level of service provided.
    • Provide meaningful feedback to staff on an on-going basis and formally appraise performance annually.
  • Responsible for promoting open lines of communications within the organization
    • Collaborates with other team members as needed or directed.
    • Make recommendations for the improvement of operational and procedural changes.
  • Responsible for keeping abreast of local, state and federal rules and regulations
    • Stay informed of latest web/internet tools and standards.
    • Seek out new ways of improving technical skills.
  • Responsible for performing other duties assigned but not limited to the following
    • Current duties as outlined in the current HIPAA Security Officer Services Agreement.
    • Special projects as assigned.