I trust that you are creating and growing your risk management team.
This team should include (but not be limited to):
1) a HIPAA Privacy Officer;
2) an expert consultant in HIPAA regulations; and
3) an attorney licensed in your state to practice law.
HIPAA Privacy Officer – Click here to go to an Internet drop box to download a sample job description written by Lorraine Mazurek, our PMC National HIPAA consultant.
An Expert HIPAA Consultant – I suggest Lorraine Mazurek as she works with Pregnancy Medical Clinics and she understands our unique issues. You may reach her at – firstname.lastname@example.org.
An Attorney – As I travel the country working with PMCs, many attorneys are telling me that nonprofit laws in their states are rapidly changing. This is a big deal. You need to know when your legislature passes new laws or modifies current laws that may impact your organization.
For example, Oregon legislature recently passed the ‘first of it’s kind in the nation’ law that requires nonprofits to meet certain allocation of how they use their donations. This is why I believe that every PMC should have an attorney who is licensed in their state to keep you informed about any changes in your state’s laws that may impact your organization (i.e., changes made in your state’s security and privacy regulations). This can be an attorney who will donate their time to your organization or if you live in a high risk area, I recommend either having an attorney on your board of directors or on a professional retainer.
Protect first then advance.