Sample HIPAA Security Officer Job Description
Thank you to Advance Magazine for permission to use this article

Purpose
The HIPAA Security Officer is responsible for development, implementation, and oversight of the organization’s security policies and procedures as they relate to patient health information.

Responsibilities
Ensure the development and implementation of policies and procedures related to the security of patient health information

Coordinate initial and subsequent information risk assessments to ensure patient health information is adequately protected.

Lead information security training and awareness programs to educate the workforce.

Work with the privacy officer to:

• ensure alignment of privacy and security policies, procedures and practices
• ensure compliance with security related policies and procedures
• ensure appropriate access controls
• address and ensure disaster recovery and business continuity of patient health information
• establish, implement and lead an incident response team to contain, investigate and prevent future breaches of patient health information

Serve as information security consultant to the organization.

Cooperate with the Office of Civil Rights or other appropriate entities in any lawful compliance reviews or investigations related to patient health information security.

Represent the organization’s information security interests with external parties who undertake to adopt or amend security legislation.