Who Should Be Your Privacy Officer?

Anatomy of a Privacy Officer graphic


Healthcare Data Confidence Tips from Confidata: Privacy Officers

Under HIPAA, every medical office must designate a privacy officer. Depending on the size of your practice, however, you may not need to create a full-time position.

Whether your privacy officer is full-time or takes on the responsibility for patient privacy and HIPAA compliance in addition to current duties, he or she needs to possess a few key qualities.


A privacy officer is a…

1. Leader.

Your privacy officer needs to be a leader who can inspire your staff to buy into existing and future privacy policies. The issues surrounding personal data, PHI, and privacy are only going to get more complicated as technology gets more sophisticated. Make sure your privacy officer is someone who embraces change and finds a way to encourage those who don’t.

2. Innovator.

Part of protecting your patients’ privacy is being one step ahead of those who would compromise it. Choose a privacy officer who is interested in improving the status quo and always looking for solutions to tomorrow’s privacy problems (for example, maybe today your office needs a shredding solution, but tomorrow you might be more concerned with electronic data disposal).

3. Manager.

Contrary to popular belief, management and leadership are not the same thing. While you’re looking for someone who can inspire the staff to embrace change and be constantly looking forward to the next privacy protection challenge, you also need to be sure you can trust this person with the detail-oriented, day-to-day management of privacy AND personnel issues. Find someone who is into both the ideas and the details and you’ve hit privacy officer gold.

4. Communicator.

A privacy officer deals more with people than with data. Your privacy officer will need to interface with staff, patients, legal counsel and, of course, the U.S. Department of Health and Human Services’ Office for Civil Rights. Look for someone with strong written and oral communication skills.

…who is

5. Organized.

The privacy officer establishes, maintains, and monitors your office’s privacy practices and protocol. This requires the ability to see all of the moving pieces from the beginning and put them into action.

6. Detail-Oriented.

Of course, there is a second layer to being organized. Someone can be excellent at seeing the forest, but forget that it’s made of trees. A privacy officer needs to be able to see the big picture but, more importantly, needs to understand how all the details work together to ensure there are no loose ends left to potentially compromise PHI.

7. Responsive.

A good privacy officer is responsive, but not reactionary. Does your privacy officer take the time to learn from issues with current processes and devise a way to move forward without compromising your practice’s flexibility OR your patients’ privacy?

8. Perceptive.

Finally, your privacy officer needs to be observant, knowledgeable, and discerning. Privacy is an increasingly complex issue, especially for medical offices, which will need to decide how and where to securely share information with patients and other authorized users. Choose your privacy officer carefully because he or she will be guiding the decisions your office makes about technology and compliance.