For discussion only. Do not cite without permission. Contribute by editing this document directly. Use the Discussion section below for suggestions.


The Privacy Team of a Health Facility

The Privacy Officer

In so far as practicable, a Privacy Officer (PO) shall be designated at a health facility. The PO's identity shall be made known to any data subject upon request. It is recommended that the PO be at the VP level (or equivalent) in order to have sufficient authority to uphold privacy in the institution.


Roles and Functions

  • Ultimately, the Privacy Officer (PO) is the person responsible for privacy policy compliance at the health facility. The privacy officer is not automatically the personal information controller “who controls the collection, holding, processing or use of personal information.” While the latter is directly accountable for the protection of privacy, the PO sees to it that overall compliance is observed at the institution.
  • The PO is responsible for developing and implementing privacy policies and procedures and assumes advocacy, capacity-building, and stake-holding functions.
  • Manages the privacy aspects of the different areas of operations.
  • The PO and the privacy team shall identify the governance structure from the national level down to the RHU and align their facility's privacy goals and initiatives with it.
  • Ascertains the authority for data collection and delegates it to staff. Regularly audits the quality and integrity of patient records.
  • Ensures that the entire process of editing data is documented: the request for editing, the reason for editing, who did the editing, the process followed in editing, and the closing of the edit.
  • Identifies how protected health information (PHI) is created, stored, used and disclosed in paper and electronic format, and maintains an inventory of how the facility uses and discloses all PHI.
  • PO is the contact person responsible for receiving complaints and providing individuals with further information about matters contained in the health facility's Privacy Protocols.
  • PO maintains a record of complaints and brief description of how they were resolved.
  • Distributes the health facility's privacy protocols to all new patients and posts the updated privacy protocols on the website.
  • Continually updates his or her knowledge of privacy rule guidelines, developments, and new regulations, and trains the workforce on these requirements. The PO shall update the health facility's privacy protocols, acknowledgement forms, authorizations, consents, and other forms as required, and ensures that the workforce adheres to the policies and procedures, including imposing sanctions on workforce members who breach an individual's privacy.
  • Effectively communicates technical and legal information to non-technical and non-legal staff for employee training.
  • The PO and privacy team shall account for devices used in the facility and ensure that devices containing electronic protected health information (ePHI) are encrypted as required by the health facility's privacy protocols.
  • Review all business associate agreements or contracts for privacy compliance.
  • Consistently apply sanctions, in accordance with the facility's policies and procedure.
  • Regularly communicate the status of legal complaints, risks, and sanctions imposed on workforce members.
  • Serve as the practice's resource for regulatory and accrediting bodies on matters relating to privacy and security.
  • Works with Health Information Systems and portable technologies. Performs system or quality data checks, checks compliance of the reporting form, and safeguards backup data.
  • Coordinates privacy safeguards with the practice's security officer to ensure consistency in development, documentation, and training for security and privacy requirements.
  • Coordinates audits by the National Health Privacy Board or any other governmental or accrediting organization and communicates them to practice leaders.
  • Coordinates with the Risk Manager (if any) to address privacy risks.
  • The PO reports directly to the hospital director, president, or board of directors.

Qualifications

  • At least a bachelor's degree in management, information systems, human resources, health administration, or other relevant fields
  • Minimum 5 years' experience in health care
  • Familiar with regulatory development and compliance, including standards, laws and regulations concerning information security and privacy
  • Familiar with business functions and operations of large institutions (preferably health-related)
  • Strong organizational and problem-solving skills
  • Ability to work effectively with teams and stakeholders
  • Ability to communicate with clarity both orally and in writing
  • Must undergo data privacy and security training from reputable providers

Staff

  • While the PO is responsible for privacy management and compliance, he or she may delegate responsibilities to others within the organization if they are trained and communicate promptly with the privacy official on these matters.