Section §164.308 of the Health Insurance Portability and Accountability Act (HIPAA) covers security management and assigning overall responsibility for security policies to an individual in the organization. This article focuses on the required HIPAA administrative safeguards covered in subsections §164.308(a)(1) and (a)(2) describing policies and responsibilities. Section (a)(2) is a simple requirement. The organization must identify an individual as the Security Official who is responsible for the policies and procedures that bring the organization into compliance with the law. The Security Official is responsible for communicating these policies effectively to all workforce members. These policies must also cover the workforce and training requirements discussed in section §164.308 which will be covered in a later article. In order to be HIPAA compliant,[…]