Assign Security Responsibility

The next item under the Administrative Section is to name a person that will be responsible for the development and implementation of the security policies and procedures. This is a required task.

When picking this person it is crucial that the person have a clear understanding of the issues regarding the security of your IT system and EPHI. I would also suggest that you have this person put together a small team to enable them to complete these security tasks before April 2005. In reality selecting a Security Officer should be the first thing to be done in this process. The Security Officer should be involved in all aspects of the implementation from the analysis stage all the way through implementation and monitoring.