Safety Coordinators and Privacy/Security Officers Defined, and Why Your Practice Needs Them
by Gracie Hogue, BM
The average dental practice is extremely busy in trying to keep up with patient and treatment schedules. So for many practice staff, the thought of keeping up with both OSHA and HIPAA compliance is overwhelming. This is why it is vital to have designated officers that can handle these components.
Let’s define these roles and go into detail about what each officer handles.
The Safety Coordinator is responsible for the following duties:
- Ensures that a copy of the OSHA Manual is available to the entire workforce.
- Provides or coordinates training on bloodborne pathogens and infection control and prevention.
- Maintains a copy of the training rosters.
- Maintains the confidential medical records of the workforce members whether a secure paper copy or electronic password-protected copy.
- Maintains adequate inventory of appropriate personal protective equipment and ensures the workforce members know how to locate PPE.
- Reports to management any noncompliance.
It’s a great idea for the Safety Coordinator to know the ins and outs of the OSHA Manual; especially what parts need annual updating from the practice (such as the Sharps Injury Log and the Safer Device Evaluations). The Safety Coordinator should have a basic understanding of the procedures if someone has a post-exposure incident, or how to direct staff and patients in emergency situations such as a fire or a tornado.
The Safety Coordinator is to be at the practice when the doors are open to patients. OSHA does randomly audit practices, and if they show up at a practice and the Safety Coordinator is not present, reasons such as “she doesn’t work on Mondays” or “he is at our other location on Tuesdays and Thursdays” is not going to fly with OSHA. If you have multiple locations, each location should have its own Safety Officer/Coordinator who is consistently present when the practice is open.
The Security Officer is responsible for the following activities:
- Ensures that reasonable safeguards are in place to safeguard the confidentiality, integrity, and availability of ePHI.
- Ensures compliance with required and addressable technical, administrative, and physical safeguards in accordance with the Health Insurance and Portability Act of 1996, applicable federal and state laws.
- Provides training for the Practice’s workforce.
- Continues to research federal and state regulations regarding HIPAA compliance and ePHI and align the Practice’s HIPAA policies with such regulations.
- Updates the Practice’s HIPAA security policies and procedures and maintains documentation.
- Conducts a Security Risk Assessment and implements a Risk Assessment Work Plan; maintain documentation.
- Identifies assets.
- Ensures an effective security incident response policy.
- Employs the user rights feature of program systems and regularly reviews user rights.
- Maintains adequate physical security relative to the size of the organization.
- Works closely with the IT System Analyst to determine effective monitoring of ePHI.
- Fosters information security awareness within the Practice and in dealing with Business Associates.
- Responsible for security risk analysis, breach determination, mitigation, and remediation.
The Privacy Officer is responsible for the following activities:
- Provides training to include at the initial hire, periodically and thereafter annually.
- Develops practice-wide privacy policies and procedures.
- Conducts ongoing monitoring activities.
- Revises the privacy program as necessary to comply with changes in the law and regulations.
- Addresses complaints from workforce members, patients, and individuals.
- Promote activities to foster privacy awareness and compliance within the practice.
- Collaborates with legal counsel in handling any federal or state government investigations of the organization regarding privacy.
The Security and/or Privacy Officer(s) need to feel comfortable with the understanding of how Risk Assessments, Business Associates, and Business Associate Agreements work. They need to be able to ask good questions of the practice’s IT, and to help the practice team create a “human firewall” so that security incidents are kept at a minimum. With security incidents happening more and more frequently, this role is imperative.
If your Safety Coordinator or Privacy and/or Security Officers would like extra knowledge in these roles, please reach out to us about our accredited Advanced OSHA Safety Coordinator and Advanced HIPAA Officer courses at (931) 232-7738.