HIPAA compliance is regulated by the Department of Health and Human Services (HHS) and enforced by the Office for Civil Rights (OCR). This modification added another level of compliance complexity to the healthcare industry, an industry not accustomed to operating in the cybersecurity domain.
HIPAA-covered entities must appoint a HIPAA security officer and a HIPAA privacy compliance officer.
The HIPAA regulation doesn’t provide clear guidelines about the roles and responsibilities of HIPAA Privacy Officers and HIPAA Security Officers.
Administrative safeguards for healthcare organizations and healthcare providers include annual workplace training covering compliance with the HIPAA Security and Privacy Rule.