Subcontracting a Privacy Official

Privacy Official Responsibilities

 

Many organizations have dedicated staff to take on the responsibility of the Privacy Official. In hospitals and medical facilities, typically this role is added to the responsibilities of the Health Information or Medical Records Manager.  The Privacy Official has the responsibility to enforce the Privacy rules throughout the organization.  In situations such as small clinics, Business Associates and Self-Funded Health Plans, these responsibilities are often unassigned and organizations need some additional help. You can choose to subcontract with Caris for these activities and let Caris be your solution.  We can take on this role permanetly or work with the organization to help train an individual that will eventually be responsible for all of the tasks under this role.

Privacy Official Role

 

Organizations are weighted down by the day to day activities that must occur to keep the business operating and often they do not have the time nor the energy to implement an effective and efficient compliance plan.

 

Caris can be subcontracted to take on the role as your Privacy Official, the benefits include:

  • Caris' depth of knowledge in the healthcare industry;

  • Caris' dedication to compliance since 2000;

  • Caris' experienced Privacy Official that can be used to evaluate the existing compliance practices, policies, procedures and training and create the appropriate and necessary changes to integrate compliance into daily activities;

  • Caris' ongoing education and research to stay on top of all the legislation;

  • Caris can develop and train the required staff in your organization;

  • Caris can create or modify existing policies and procedures as needed to keep up with industry, environmental, or regulatory requirements;

  • Caris can help you manage your Business Associates and the Agreements to ensure they include the necessary language changes for the latest Omnibus Rule in January of 2103, that the Business Associates are conducting the services they are providing in a compliant manner and if necessary request and obtain necessary additional satisfactory assurances from the Business Associates to ensure risk is mitigated for your organization; and

  • Caris can assist the Security Official with their required duties.

Current Client Examples

Privacy Official Role
 

Type of Entity: Business Associate

Business Description: This innovative printing and e-solutions provider services 100's of healthcare clients and has taken compliance seriously to grow this market further.  Caris supports their mission to provide health care and financial institutions across the country with innovative document and payment solutions that deliver cost savings and improved billing processes by implementing compliant operational practices, policies and procedures, annual training to staff members and ongoing compliance activities throughout the year. Caris supports the SOC 2 and PCI-DSS assessments annually, customer audits, and manages their Business Associate Agreements and subcontractor relationships.  Caris develops the compliance strategy on an annual basis to be in line with corporate goals and initiatives, facilitates the quarterly policy review meetings, and makes appropriate updates to each policy and procedure accordingly.

 

Type of Entity: Business Associate

Business Description: Organizations that support healthcare companies as a business associate must also be compliant with HIPAA.  these organizations may need assistance ensuring they have conducted the proper assessments and implemented the appropriate controls to continue serving the healthcare industry.

 

Type of Entity: Covered Entity (Self-Funded Health Plan)

Business Description: Many self-funded health plans are NOT in the healthcare business and implementing all of the regulatory standards and implementation specifications can be overwhelming. Caris can provide the Privacy official role to your organization to ensure the staff has been trained, policies and procedures have been written, and compliance has been integrated into the daily practices of those that handle the health plan information.

 

Type of Entity: Covered Healthcare Provider

Caris works with many Prosthetic and Orthotic providers that must implement appropriate HIPAA compliance activities for their organization.  Caris creates the training sessions, supports them as needed for review of Business Associate Agreements, implements appropriate policies and procedures and facilitates compliance activities as requested.

Are you looking for Privacy Official Assistance, Call Caris we can help (920) 639-6615.