ABSTRACT

Within the body of law and regulations known collectively as the Health Information Portability and Accountability Act (HIPAA), specific roles are defined, along with the responsibilities that accompany them. Although couched in somewhat general terms, these roles are generally known as chief security officer, chief information security officer, and chief privacy officer. There are others, but they are not specific enough to call out separately. Each of these roles must act in accordance with the requirements of the regulation to assure policy definition, awareness education, implementation, monitoring, and enforcement in order to achieve and maintain compliance in relation to Protected Health Information (PHI). They also have key roles in defining and implementing the enabling processes that facilitate compliance.