John, I don't think it is necessary to appoint a legal person per say. Since HIPAA's main focus is the protection of IT this should be right up your alley.
It would be quite expensive if you had say an attorney handle everything. It is cheaper to call legal counsel and ask questions about things you are not sure of. Depending on the size of your company you may have an attorney on retainer. Your best bet is to have yourself as the one heading up HIPAA and put together a committee with the heads of Health insurance area and other departments you may not know a lot about. My areas of expertise tend to lean towards physical security and personnel security.. I work with the Director of Nursing, Administrator, and the lead person in IT. I also use advise from our field supervisor. We have a small committee and we hash over things to put things together. It is nice to have different opinions and perspectives to put a plan together. JC Progressive Home Care Cleveland, Ohio ----- Original Message ----- From: "Kuisle, John P." <[EMAIL PROTECTED]> To: "WEDI SNIP Security Workgroup List" <[EMAIL PROTECTED]> Sent: Tuesday, September 16, 2003 12:47 PM Subject: HIPAA Security Official All, I was looking for a little feedback on what other companies are doing with regard to naming a Security Official to comply with the HIPAA Security rule. As one of our Legal experts and I looked at the duties of that person, many of them were aligned with my job, so the logical conclusion is that I could fill the role. However, since I'm an IT person, fairly low on the food chain and not really aligned with any particular business area and since the HIPAA Security Regs are specific to electronic health information, there was some question about whether this responsibility should be given to someone from our Health Insurance area or a Legal person. John Kuisle IS Supervisor - Security and Business Recovery Federated Mutual Insurance 507-455-5477 ____________________________________________________________________________ ____________________ This information is intended only for the use of the addressee(s) and may contain privileged, confidential or proprietary information. If you are not the intended recipient, or the employee or agent responsible for delivering the message to the intended recipient, you are hereby notified that any dissemination, distribution, displaying, copying, or use of this information is strictly prohibited. If you have received this communication in error, please notify us immediately at [EMAIL PROTECTED] or by telephone at (800) 533-0472, and return the information to the sender with all copies deleted and destroyed. Thank you. --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-security as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org --- The WEDI SNIP listserv to which you are subscribed is not moderated. The discussions on this listserv therefore represent the views of the individual participants, and do not necessarily represent the views of the WEDI Board of Directors nor WEDI SNIP. If you wish to receive an official opinion, post your question to the WEDI SNIP Issues Database at http://snip.wedi.org/tracking/. These listservs should not be used for commercial marketing purposes or discussion of specific vendor products and services. They also are not intended to be used as a forum for personal disagreements or unprofessional communication at any time. You are currently subscribed to wedi-security as: [EMAIL PROTECTED] To unsubscribe from this list, go to the Subscribe/Unsubscribe form at http://subscribe.wedi.org or send a blank email to [EMAIL PROTECTED] If you need to unsubscribe but your current email address is not the same as the address subscribed to the list, please use the Subscribe/Unsubscribe form at http://subscribe.wedi.org
