HIPAA Privacy Officer

Job Summary:

The HIPAA (Health Insurance Portability and Accountability Act) Privacy Officer will develop, manage, and implement processes to ensure the organization's compliance with applicable federal and state HIPAA regulations and guidelines, particularly regarding the organization's access to and use of protected health information (PHI).

Supervisory Responsibilities:

  • May develop and lead the organization's health information privacy committee, task force, or similar group.
  • Develops and provides training on health information privacy requirements and procedures.
  • Makes or facilitates appropriate disciplinary steps and sanctions as needed when any member of the workforce fails to comply with privacy policies.


  • Evaluates the organization's existing policies and procedures for HIPAA compliance by performing HIPAA risk assessments.
  • Collaborates with plan management, administration, and legal counsel to identify and address privacy policies and procedures that require improvement.
  • Develops and assists with implementation of new and updated policies and procedures.
  • Maintains policies and procedures related to PHI access and use; ensures strict adherence by all staff with access to PHI.
  • Assesses methods and procedures used to store and transmit PHI; identifies security or other compliance risks and researches and recommends improvements.
  • Maintains required records and supporting documentation including authorization forms, notices, and plan documents.
  • Communicates with individuals regarding their right to inspect, amend, and restrict access to their PHI.
  • Drafts and implements procedures for addressing and resolving complaints regarding the organization's privacy policies and procedures.
  • Serves as the internal subject matter expert on HIPAA, maintaining current knowledge of HIPAA laws and regulations, and any other applicable federal and state privacy laws or regulations.
  • Reports on changes in applicable laws and regulations and provides training as needed.
  • Performs other related duties as assigned.

Required Skills/Abilities:

  • Excellent verbal and written communication skills.
  • Thorough understanding of HIPAA's regulations, requirements, and guidelines.
  • Thorough understanding of related information privacy laws and regulations including those governing access, release of information, and security technologies.
  • Ability to explain and present complex information clearly and thoroughly.
  • Excellent organizational skills and attention to detail.
  • Proficient with Microsoft Office Suite or related software.

Education and Experience:

  • Bachelor's degree in Human Resources or related field required.
  • Experience with HIPAA strongly desired.
  • At least two years of related experience required.
  • SHRM-CP or SHRM-SCP preferred.

Physical Requirements:

  • Prolonged periods sitting at a desk and working on a computer.
  • Must be able to lift up to 15 pounds at times.

