Blog Post

80% of HIPAA Privacy Officers Report to the CEO or CO

Richard P. Kusserow | September 2019

Results of the 2019 HIPAA Compliance Benchmark Survey to be presented at our upcoming free webinar

More than 300 organizations participated in the Survey

Results from the first national HIPAA Compliance Benchmark Survey (Survey) conducted by Strategic Management Services, in conjunction with SAI Global, found that about 40 percent of Privacy Officers are reporting to their Compliance Office, and a similar number are reporting directly to the Chief Executive Officer (CEO) / President of their organization. Approximately 16 percent of respondents replied that the Privacy Officer reports directly to Legal Counsel, which is not surprising given the number of breach incidents resulting in legal enforcement by the HHS Office for Civil Rights (OCR). Other respondents indicated that their Privacy Officer reports to the Chief Financial Officer, Chief Operating Officer, Health Information Management, Risk Management, Information Technology, or another office. More than 300 healthcare organizations participated in the Survey, providing insight into the state of HIPAA Privacy programs. By comparison, the “2019 Healthcare Compliance Benchmark Survey” results indicated that over half of that survey’s respondents have HIPAA Privacy functions as part of the Compliance Office. The Survey results suggest that Privacy Officers may also have a reporting responsibility to higher authorities, beyond the Compliance Office. This demonstrates that HIPAA Privacy is following a similar path as the Compliance Office by reporting directly to top executive leadership. A full briefing and conversation on all the results will be presented by HIPAA experts, Catie Heindel and Lisa Shuman, of Strategic Management Services, on Tuesday, September 10th at 2:00pm EDT. Participants will be given a copy of the full report. Registration is open to everyone at no charge.

About the Author

Richard P. Kusserow established Strategic Management Services, LLC to assist health care organizations develop, implement and assess compliance programs. Mr. Kusserow has worked with health care organizations to conduct compliance program effectiveness evaluations, deliver advisory services, develop policies and procedures and deliver compliance and internal investigations training.

Subscribe to blog