
Interim Privacy Official

Privacy Official Responsibilities


Many organizations have dedicated staff to take on the responsibility of the Privacy Official. In hospitals and medical facilities, typically this role is added to the responsibilities of the Health Information or Medical Records Manager.  The Privacy Official has the responsibility to enforce the Privacy rules throughout the organization.  In situations such as small clinics, Business Associates and Self-Funded Health Plans, these responsibilities are often unassigned and organizations need some additional help. You can choose to subcontract with Caris for these activities and let Caris be your solution.  We can help to mentor your staff for this role, provide additional support to the existing Privacy Official or serve as your interim Privacy Official.

Privacy Official Role


Organizations are weighed down by the day-to-day activities that must occur to keep the business operating, and often they have neither the time nor the energy to implement an effective and efficient compliance plan.


Caris can be subcontracted to take on the role of your Privacy Official. The benefits include:

  • Caris' depth of knowledge in the healthcare industry;

  • Caris' dedication to compliance since 2000;

  • Caris' experienced Privacy Official, who can evaluate the existing compliance practices, policies, procedures and training and make the appropriate and necessary changes to integrate compliance into daily activities;

  • Caris' ongoing education and research to stay on top of all the legislation;

  • Caris can develop and train the required staff in your organization;

  • Caris can create or modify existing policies and procedures as needed to keep up with industry, environmental, or regulatory requirements;

  • Caris can help you manage your Business Associates and their Agreements to ensure that the Agreements include the necessary language changes for the latest Omnibus Rule in January of 2013, that the Business Associates are conducting the services they provide in a compliant manner and, if necessary, request and obtain additional satisfactory assurances from the Business Associates to ensure risk is mitigated for your organization; and

  • Caris can assist the Security Official with their required duties.

Client Examples

Privacy Official Role

Type of Entity: Covered Health Plan/Business Associate

After assisting with the organization's compliance strategy across covered components and non-covered components, Caris was called back to mentor the new Privacy Officer and Privacy team for their new roles in managing the organization's compliance strategy. Bi-weekly meetings were scheduled to review each component of the rule, discuss the impacts to each of the entities in question and determine next steps for the Privacy team to take in their compliance journey. This process quickly brought the team members up to speed on the rule, the application of the rule and their ability to apply the rule internally.

Type of Entity: Business Associate

Business Description: This innovative printing and e-solutions provider services hundreds of healthcare clients and took compliance seriously to grow this market further. Caris supported their mission to provide health care and financial institutions across the country with innovative document and payment solutions that deliver cost savings and improved billing processes by implementing compliant operational practices, policies and procedures, annual training for staff members and ongoing compliance activities throughout the year. Caris supported the annual SOC 2 and PCI-DSS assessments and customer audits, and managed their Business Associate Agreements and subcontractor relationships. Caris developed the compliance strategy on an annual basis to be in line with corporate goals and initiatives, facilitated the quarterly policy review meetings, and made appropriate updates to each policy and procedure accordingly.


Type of Entity: Business Associate

Business Description: Organizations that support healthcare companies as a business associate must also be compliant with HIPAA. These organizations may need assistance ensuring they have conducted the proper assessments and implemented the appropriate controls to continue serving the healthcare industry.


Type of Entity: Covered Entity (Self-Funded Health Plan)

Business Description: Many self-funded health plans are NOT in the healthcare business, and implementing all of the regulatory standards and implementation specifications can be overwhelming. Caris can provide the Privacy Official role to your organization to ensure the staff has been trained, policies and procedures have been written, and compliance has been integrated into the daily practices of those who handle the health plan information.


Type of Entity: Covered Healthcare Provider

Caris worked with many Prosthetic and Orthotic providers that had to implement appropriate HIPAA compliance activities for their organization.  Caris created training sessions, supported them as needed for review of Business Associate Agreements, implemented appropriate policies and procedures and facilitated compliance activities as requested.

Are you looking for Privacy Official assistance? Call Caris at (920) 639-6615; we can help.
