A Compliance Officer is an individual who needs a strong understanding of his/her organization's processes, documentation practices, risk management practices, incident response plan and current compliance requirements. Read below for additional details or download the detailed job description.
Information acquisition, utilization and disposition are processes that must be efficient and effective to enable the business to accomplish its mission.
The Compliance Officer needs to understand documentation because he/she will have to produce it during the normal performance of his/her tasks:
A Compliance Officer needs to understand the basics of risk management and remediation:
They need to understand how to respond to incidents of compromise:
The Compliance Officer most certainly needs to understand requirements and what it means to be "compliant" in each case.
This is more than simply knowing them: the Compliance Officer must know how to achieve them in a balanced way that establishes a compliant position (either in the "letter" or the "spirit" of the law as the case may be), while enabling the entity to function efficiently and effectively.
This means the Compliance Officer must understand control types:
The Compliance Officer must also understand the individual categories (each of these exists in each of the above types):
Regarding the treatment of protected health information, Covered Entities shall use all appropriate safeguards to prevent use or disclosure of Protected Health Information received from, or created or received on behalf of, the Covered Entity other than as provided for in the Business Associate Agreement or as required by law.